Search squid archive

https not working

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



I have squid working for http, but https connections just fail.

I have tried squid 2.5 on centos 3 via rpm, as well as squid 2.6 on centos
5 via rpm as well, but neither work for me.

Can someone please let me know what I am missing.

In my access log I see the following when trying to access a site
https://mail.domain.com, but the site does not appear and firefox/IE error
out "The connection was reset"

<snip /var/log/squid/access.log>
1192640469.146 5 192.168.0.118 TCP_MISS/200 39 CONNECT mail.domain.com:443 - DIRECT/24.10.210.133 -
</snip>

Here is my config

<snip /etc/squid/squid.conf for squid 2.6>

http_port 3128

hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY

acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
access_log /var/log/squid/access.log squid

auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 10
auth_param ntlm keep_alive on

auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 10
auth_param basic realm Proxy Server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off

external_acl_type nt_group ttl=0 concurrency=5 %LOGIN /usr/lib64/squid/wbinfo_group.pl

Brefresh_pattern ^ftp:         1440  20%   10080
refresh_pattern ^gopher:      1440  0%    1440
refresh_pattern .       0     20%   4320

acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80        # http
acl Safe_ports port 21        # ftp
acl Safe_ports port 443       # https
acl Safe_ports port 70        # gopher
acl Safe_ports port 210       # wais
acl Safe_ports port 1025-65535      # unregistered ports
acl Safe_ports port 280       # http-mgmt
acl Safe_ports port 488       # gss-http
acl Safe_ports port 591       # filemaker
acl Safe_ports port 777       # multiling http
acl CONNECT method CONNECT
acl local-servers dstdomain .domain.com
acl FTP proto FTP
acl smtcorp_pub snmp_community public
acl unrestrictedusers external nt_group INTERNETOK_NT_GROUP
acl NTLMUsers proxy_auth REQUIRED

http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost

http_access allow unrestrictedusers
http_access deny !NTLMUsers

http_access deny all
http_reply_access allow all

icp_access allow all
cache_mgr root@xxxxxxxxxx
visible_hostname proxy.domain.com
unique_hostname smtcorpx07.domain.com
append_domain .domain.com
always_direct allow local-servers
always_direct allow FTP
snmp_port 3401
snmp_access allow snmp_community all
mail_from squid@xxxxxxxxxx
coredump_dir /var/spool/squid

<end /etc/squid/squid.conf>
-- 


[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux