My issues are as follows: Issue 1: When I view a page from my website that is https, from the time I first hit it, my access.log file gets hit with repeated TCP_MISS/200 for the page and all the images. I have squid 2.6 STABLE9 running on a Red Hat Linux Enterprise 4 box. Issue 2: I get periodic fwdNegotiateSSL: Error negotiating SSL connection on FD 23: error:140940F6:SSL routines:SSL3_READ_BYTES:unknown alert type (1/-1/0) errors when I have squid started via command line and can see its console. My squid.conf file is below: # Run Squid in virtual host mode http_port 80 vhost # company 1 reverse proxy config https_port 172.16.0.107:443 protocol=https vhost cert=/usr/local/squid/etc/devstore.pem key=/usr/local/squid/etc/devstore.key cache_peer 192.168.0.7 parent 80 0 no-query originserver name=store.company1.com acl company1 dstdomain store.company1.com http_access allow company1 cache_peer_access store.company1.com allow company1 # company 2 Change reverse proxy config https_port 172.16.0.111:443 protocol=https cert=/usr/local/squid/etc/devstore.pem key=/usr/local/squid/etc/devstore.key vhost cache_peer 192.168.0.11 parent 80 0 no-query originserver name=store.company2.com acl company2 dstdomain store.company2.com http_access allow company2 cache_peer_access store.company2.com allow company2 # company 3 reverse proxy config https_port 172.16.0.105:443 protocol=https cert=/usr/local/squid/etc/devstore.pem key=/usr/local/squid/etc/devstore.key vhost cache_peer 192.168.0.05 parent 80 0 no-query originserver name=tradewins.company3.com acl company3 dstdomain tradewins.company3.com http_access allow company3 cache_peer_access tradewins.company3.com allow company3 # company 4 reverse proxy config https_port 172.16.0.106:443 protocol=https cert=/usr/local/squid/etc/mycert.pem key=/usr/local/squid/etc/mycert.key vhost cache_peer 192.168.0.06 parent 80 0 no-query originserver name=store.company4.com acl company4 dstdomain store.company4.com http_access allow company4 cache_peer_access store.company4.com allow company4 # company 5 reverse proxy config https_port 172.16.0.120:443 protocol=https cert=/usr/local/squid/etc/opcert.pem key=/usr/local/squid/etc/opcert.key vhost cache_peer 192.168.0.20 parent 443 0 no-query originserver ssl name=opaccess.company5.com acl company5 dstdomain opaccess.company5.com http_access allow company5 cache_peer_access opaccess.company5.com allow company5 # --- Begin default config options --- # hierarchy_stoplist cgi-bin ? acl QUERY urlpath_regex cgi-bin \? cache deny QUERY acl apache rep_header Server ^Apache broken_vary_encoding allow apache access_log /usr/local/squid/var/logs/access.log squid refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern . 0 20% 4320 acl all src 0.0.0.0/0.0.0.0 acl manager proto cache_object acl localhost src 127.0.0.1/255.255.255.255 acl to_localhost dst 127.0.0.0/8 acl SSL_ports port 443 acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 # https acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl CONNECT method CONNECT # Only allow cachemgr access from localhost http_access allow manager localhost http_access deny manager # Deny requests to unknown ports http_access deny !Safe_ports # Deny CONNECT to other than SSL ports http_access deny CONNECT !SSL_ports # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS # And finally deny all other access to this proxy http_access deny all # and finally allow by default http_reply_access allow all #Allow ICP queries from everyone icp_access allow all # Leave coredumps in the first cache dir coredump_dir /usr/local/squid/var/cache *************************************************************************** Privilege and Confidentiality Notice THIS MESSAGE IS INTENDED ONLY FOR THE USE OF THE INDIVIDUAL OR ENTITY TO WHICH IT IS ADDRESSED AND MAY CONTAIN INFORMATION THAT IS PRIVILEGED, CONFIDENTIAL AND EXEMPT FROM DISCLOSURE UNDER THE APPLICABLE LAW. If the reader of this message is not the intended recipient, or the employee or agent responsible for delivering the message to the intended recipient, you are hereby notified that any use of, disclosure, dissemination, distribution, forwarding, or copying of this communication is strictly prohibited. If you have received this communication in error, please notify the sender immediately by email or telephone, and delete the original message immediately. ***************************************************************************
