WCCPv2 and Squid-cache v3.1, a nice couple.

CCIE, the beginning!

WCCP protocol can be much more interesting than the two commands needed for the CCIE exam. In this lab we will deploy a basic end-to-end solution using IOS 15.2S and the well known open-source solution Squid v3.1 as the content engine.

WCCP version2 is deployed in the lab.



WCCP enables the router to transparently intercept client traffic destined to Internet and redirect it to a local content engine. Client browsers doesn’t point to the content engine as proxy.

Cisco and the content engine communicate through unidirectional point-to-point tunnels (either layer2 or GRE ).

2-WCCPv2 Interception


The tunnel interfaces are automatically created in order to process outgoing GRE-encapsulated traffic for WCCP.
Short definitions of some related concepts:

Forward proxy Filter access to Internet and reduces BW related to Internet static resources like regular updates, big file downloads…
Reverse proxy Allows external users (ex: on Internet) to access internal servers. Generally supports…

View original post 567 more words

forcing oft mime type file to download

Apache is sometimes nice and sometimes ugly. Show me the ugly Apache 🙂

I have a webserver with Apache and some files doc, pdf and “oft” outlook template file.
Internet Explorer open “oft” directly without prompting and show the source code of the file.

add to your apache2.conf file following

AddType application/octet-stream .oft oft

Check your apache conf file that is allowed to use htaccess file

Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all

we need two mods, rewrite and headers, very often rewrite is enable, headers not so often. When you not have enable headers you will get a 500 server error from Apache.

enable headers with

a2enmod headers

apachectl restart


place your .htaccess file in your www data folder /var/www/

You need following content, this works with all other extension that you will be force to download

<FilesMatch “\.(.oft|OFT)$”>
ForceType application/octet-stream
Header set Content-Disposition attachment


That´s it




Let’s Encrypt Wildcard certificate how to

Org post see here



Reqeuirement access to dns records of the domain


wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto

./certbot-auto certonly –manual -d *.domain.example -d example.domain –preferred-challenges dns-01 –server https://acme-v02.api.letsencrypt.org/directory

You will be prompted to add two txt records to your dns server, you should be able to do this.


that´s all