Just compile from the source, and if it complains that it needs stuff, install those first. - Download. - Unpack (tar -zxvf squid-3.1.0.tar.gz) - cd squid-3.1.10 - ./configure --help (see options, and search web for recommended settings) - make - /etc/init.d/squid stop - make install - Check /etc/squid/squid.conf - /etc/init.d/squid start --------------------------------------------- Chad E. Naugle Tech Support II, x. 7981 Travel Impressions, Ltd. >>> "Charles Roper" <charlzroper@xxxxxxxxx> 12/30/2010 9:40 PM >>> Ok, I'm happy to try that out. Could you please offer some guidance on how I would go about doing that? I found the binary here: http://people.redhat.com/jskala/squid/squid-3.1.8-1.el5/ But when I run # rpm -Uvh http://people.redhat.com/jskala/squid/squid-3.1.8-1.el5/ , I get a bunch of "dependency" errors. -----Original Message----- From: Chad Naugle [mailto:Chad.Naugle@xxxxxxxxxxx] Sent: Thursday, December 30, 2010 5:53 PM To: Charles Roper Cc: squid-users@xxxxxxxxxxxxxxx Subject: RE: Allow untrusted ssl connections As far as I know, it shouldn't. I've used the 3.1.X branch on ports such as 8009, via SSL, I only had to take care of the ACL I mentioned before it would allow it. Perhaps you might wanna give 3.1.10 a shot to see if it'll make a difference? --------------------------------------------- Chad E. Naugle Tech Support II, x. 7981 Travel Impressions, Ltd. >>> "Charles Roper" <charlzroper@xxxxxxxxx> 12/30/2010 8:35 PM >>> I think the only difference was that the ssl traffic was directed to port 2087 in the failed example and the traditional 443 port in the successful one. It appears as if squid doesn't allow ssl traffic on any port other than 443. -----Original Message----- From: Chad Naugle [mailto:Chad.Naugle@xxxxxxxxxxx] Sent: Thursday, December 30, 2010 5:25 PM To: Charles Roper Cc: squid-users@xxxxxxxxxxxxxxx Subject: RE: Allow untrusted ssl connections So, what was the difference between the two when it #Worked# versus #Failed# ? The way you are typing in the URL? --------------------------------------------- Chad E. Naugle Tech Support II, x. 7981 Travel Impressions, Ltd. >>> "Charles Roper" <charlzroper@xxxxxxxxx> 12/30/2010 6:29 PM >>> Ok, I just did that and it didn't seem to make a difference. As proof, here is are entries from access.log: Both of these go to the same website: #Failed# 1293750875.433 0 127.0.0.1 TCP_MISS/504 0 CONNECT 111.111.111.111:2087 - DIRECT/- - #Worked# 1293741776.191 184 127.0.0.1 TCP_MISS/200 1251 CONNECT cpanel.ourwebsite.com:443 - DIRECT/111.111.111.111 - -----Original Message----- From: Chad Naugle [mailto:Chad.Naugle@xxxxxxxxxxx] Sent: Thursday, December 30, 2010 2:46 PM To: Charles Roper Cc: squid-users@xxxxxxxxxxxxxxx Subject: RE: Allow untrusted ssl connections Okay, un-comment all the irrelevant http_access lines, and leave the bare defaults of: http_access allow localhost http_access allow localnet http_access deny all Then try converting Squid to listen on port 3128, and SSH Forward only port 3128, configuring port 3128 in your browser for *all* protocols. See if that helps. --------------------------------------------- Chad E. Naugle Tech Support II, x. 7981 Travel Impressions, Ltd. >>> "Charles Roper" <charlzroper@xxxxxxxxx> 12/30/2010 3:55 PM >>> I did notice something interesting. While proxied, when I try to visit, say, https:\\x.x.x.x:2083 (cPanel), I get the browser error I've been reporting to you all along (http://i.imgur.com/Z7IYv.jpg). However, when I visit https://cpanel.ourwebsite.com ... it connects successfully (even with the untrusted connection). Suppose that's because I'm trying to access over port 80 this way. So what I'm witnessing is it's not so much the "untrusted ssl certificate" that's the problem ... it's trying to access any port other than 80 in the browser over SSL. (i.e. https://anything.com:1234 probably wouldn't work) I just tried https://cpanel.ourwebsite.com:2083 and it failed. -----Original Message----- From: Chad Naugle [mailto:Chad.Naugle@xxxxxxxxxxx] Sent: Thursday, December 30, 2010 10:13 AM To: Charles Roper Cc: squid-users@xxxxxxxxxxxxxxx Subject: RE: Allow untrusted ssl connections So, is the Squid Box receiving the connections, and listed in it's cache.log or access.log? Can you verify that the PuTTy / Tunnel configuration is correct, and see if there are any problems with that? --------------------------------------------- Chad E. Naugle Tech Support II, x. 7981 Travel Impressions, Ltd. >>> "Charles Roper" <charlzroper@xxxxxxxxx> 12/30/2010 12:45 PM >>> I am no longer using OpenSSH/SpoonProxy - that was just an example of what I was using before I switched to Squid ... when I wasn't having problems accessing untrusted ssl connections. These two rules are in my iptables ############################ -A RH-Firewall-1-INPUT -m state --state NEW,ESTABLISHED,RELATED -m tcp -p tcp --dport 8080 -j ACCEPT -A RH-Firewall-1-INPUT -m state --state NEW,ESTABLISHED,RELATED -m tcp -p tcp --dport 3128 -j ACCEPT ############################ I'm using port 8080 for squid, but added the default just to see if it made a difference. - The machine running Squid is Linux-based, using CentOS, AND on a separate box as your Windows Machine? Linux with CentOS, yes, and I'm accessing that box remotely from a WinXP client box (using Putty). Those are the only two computers involved here. The old SpoonProxy server is not in the equation any more. - The Squid Machine does not have any IP Tables / IP Chains configured, correct? IP Table rules have been added for Squid ... see above. - Your LAN is behind some type of broadband connection / router / wireless configuration? Both the Squid box and the WinXP client are on broadband connections - no wireless involved. - According to reading the link below, I assume you are referring to OpenSSH as being installed on your Windows Machine (OpenSSH in my own terminology refers to OpenSSH on the Linux Box)? Yes, the old SpoonProxy server utilized OpenSSH (for windows), but that is irrelevant now. (http://sourceforge.net/projects/sshwindows/) - SSH Tunnel for Squid *ONLY* works when using PuTTy when connected to local OpenSSH, via authentication FROM the local machine? I don't fully understand the question - I'm not using OpenSSH for Windows anymore (again, that is an old box). Just using putty to remote into the CentOS box via SSH. - You can create "SSH Tunnels" using Linux, see "stunnel", and using Squid, you can configure the port for HTTPS using an SSL certificate. I'll have to read up on that, but I'd think we could get this to work with Squid/Putty because it worked on a Windows box that was supposedly just emulating that process. - The Traffic Flow in question goes in this logical PATH below: Revising... Secure SSH connection initiated over broadband connection from Laptop (on the road) to CentOS box at home running Squid (yes, this goes through two routers, both configured properly to allow SSH traffic) Laptop Firefox requests google.com:80 --> Firefox configured to send all traffic to localhost:80 --> Putty is configured to redirect all localhost:80 traffic to SSH-connection:8080 --> traffic sent securely through SSH from Laptop to CentOS box over broadband connection --> traffic received on port 8080 on CentOS box and passes on to Squid to deal with -----Original Message----- From: Chad Naugle [mailto:Chad.Naugle@xxxxxxxxxxx] Sent: Thursday, December 30, 2010 9:22 AM To: Charles Roper Cc: squid-users@xxxxxxxxxxxxxxx Subject: RE: Allow untrusted ssl connections Okay, well the reasons for this is your own, but I'm simply trying to see if the Squid itself works for something as simple as google.com, unless you are only trying to use it for a specific task. Now after this, I have questions concerning your network setup / arrangement / configuration. - The machine running Squid is Linux-based, using CentOS, AND on a separate box as your Windows Machine? - The Squid Machine does not have any IP Tables / IP Chains configured, correct? - Your LAN is behind some type of broadband connection / router / wireless configuration? - According to reading the link below, I assume you are referring to OpenSSH as being installed on your Windows Machine (OpenSSH in my own terminology refers to OpenSSH on the Linux Box)? - SSH Tunnel for Squid *ONLY* works when using PuTTy when connected to local OpenSSH, via authentication FROM the local machine? - You can create "SSH Tunnels" using Linux, see "stunnel", and using Squid, you can configure the port for HTTPS using an SSL certificate. - The Traffic Flow in question goes in this logical PATH below: (Browser Request) -> (Proxy configuration localhost:80 for all ports (Unsecured)) (PuTTy into localhost via authentication, opens port 80) -> (localhost:80 is the SSH Tunnel (Secured)) (localhost:80 SSH Tunnel forwards all Proxy-Traffic to port 8080 on Linux Box) -> (Squid (Unsecured)) (Squid (Unsecured)) -> (Network Router) -> (Broadband Connection) -> (Internet) -> (Destination Site) Somewhat Correct? --------------------------------------------- Chad E. Naugle Tech Support II, x. 7981 Travel Impressions, Ltd. >>> "Charles Roper" <charlzroper@xxxxxxxxx> 12/30/2010 11:33 AM >>> As I said earlier, I am remoting into my squid server via SSH (putty). I do not want a system wide proxy setting. I just want proxied traffic in Firefox ... my other browsers should not be proxied. To explain a little better, here is the tutorial followed for OpenSSH/SpoonProxy: http://www.linquist.net/geek/proxy It worked great, but I think squid proxy will be faster, once I get it working properly. Regarding the ports. All port 80 traffic in firefox is redirected over the SSH connection to my squid box's port 8080, for squid to deal with. I'm not on the local network, so I'm positive that setting 10.10.10.10:8080 would not work. -----Original Message----- From: Chad Naugle [mailto:Chad.Naugle@xxxxxxxxxxx] Sent: Thursday, December 30, 2010 8:26 AM To: Charles Roper Cc: squid-users@xxxxxxxxxxxxxxx Subject: RE: Allow untrusted ssl connections I believe I see your problem in the picture. According to it, your Firefox is configured for localhost:80 as the Proxy. First of all, I am not sure why you are using port 80, or 8080 with an stunnel on a small Private LAN, where all you should need to configure Squid on a port (8080 in this case), and point your Browser's configuration to that IP / Port, such as 10.10.10.10, port 8080 for all protocols, or alternatively, you should configure Firefox to use "System proxy settings", and then configure Internet Explorer for the proxy server, which configures all *system* proxy settings, for things including your IM clients, etc. --------------------------------------------- Chad E. Naugle Tech Support II, x. 7981 Travel Impressions, Ltd. >>> "Charles Roper" <charlzroper@xxxxxxxxx> 12/30/2010 11:13 AM >>> Yes, I believe browser is configured properly: http://i.imgur.com/E4O9j.jpg As I stated earlier, I've been using OpenSSH + SpoonProxy on a WinXP box for years with no trouble. It's almost as if it's not picking up on the acl safe_ports because I'm also not able to use AIM over the proxy .... which needs port 5900. I've added "5900" to the acl safe ports and still can't connect via aim. However, if that were the case, you'd think Firefox would report that the proxy server was refusing connections ... instead of just saying it's taking too long to respond: http://i.imgur.com/Z7IYv.jpg (error seen when trying to visit https://x.x.x.x:2087/) -----Original Message----- From: Chad Naugle [mailto:Chad.Naugle@xxxxxxxxxxx] Sent: Thursday, December 30, 2010 6:00 AM To: Charles Roper Cc: squid-users@xxxxxxxxxxxxxxx Subject: RE: Allow untrusted ssl connections Are you able to access any other sites via the proxy, or is this the only one? Also, I am assuming that you have configured your browser? --------------------------------------------- Chad E. Naugle Tech Support II, x. 7981 Travel Impressions, Ltd. >>> "Charles Roper" <charlzroper@xxxxxxxxx> 12/29/2010 5:30 PM >>> Now commenting SSL_ports isn't fixing the issue. Perhaps I mistakenly reported it successful yesterday? Still getting this error when trying to access https://x.x.x.x:2087 ----------------------------------------------------- The connection has timed out The server at x.x.x.x is taking too long to respond. * The site could be temporarily unavailable or too busy. Try again in a few moments. * If you are unable to load any pages, check your computer's network connection. * If your computer or network is protected by a firewall or proxy, make sure that Firefox is permitted to access the Web. ---------------------------------------------------- Any other ideas? -----Original Message----- From: Chad Naugle [mailto:Chad.Naugle@xxxxxxxxxxx] Sent: Wednesday, December 29, 2010 2:21 PM To: Charles Roper Cc: squid-users@xxxxxxxxxxxxxxx Subject: RE: Allow untrusted ssl connections Well, if it's not a public / private corp's network, it's probably just safe to comment that back out for the SSL_ports ACL, I suppose. --------------------------------------------- Chad E. Naugle Tech Support II, x. 7981 Travel Impressions, Ltd. >>> "Charles Roper" <charlzroper@xxxxxxxxx> 12/29/2010 4:26 PM >>> The start-up issue is fixed! Thanks. I found "squid" in "/etc/rc.d/init.d" and updated all references to the new location of the PID file. Worked like a charm. Still having trouble accessing sites over untrusted ssl connections though (https, ports 2087, 2083, 2096, etc.) I uncommented "http_access deny to_localhost" as you requested. Yes, the squid box's ip is 10.10.10.10. I read the acl link you provided. I use this box to SSH in and use the proxy server via tunnel. (i.e. I use putty to connect, and I have a tunnel configured to redirect port 80 traffic to "localhost:8080") -----Original Message----- From: Chad Naugle [mailto:Chad.Naugle@xxxxxxxxxxx] Sent: Wednesday, December 29, 2010 12:16 PM To: Charles Roper Cc: squid-users@xxxxxxxxxxxxxxx Subject: RE: Allow untrusted ssl connections You've stated as the below was how you were starting Squid. [root@maya ~]# /etc/init.d/squid start Starting squid: .................... [FAILED] ...... Try to see if there is a "/etc/rc.d/init.d" instead, and then edit "squid" to find where it's looking for the PID file. Also, please uncomment "http_access deny to_localhost", and I am assuming that your local network in question is 10.10.10.0-255? Recommended Reading about ACL's and http_access controls -- http://www.visolve.com/squid/squid27/accesscontrols.php#top --------------------------------------------- Chad E. Naugle Tech Support II, x. 7981 Travel Impressions, Ltd. >>> "Charles Roper" <charlzroper@xxxxxxxxx> 12/29/2010 2:57 PM >>> There is no "init.d" folder within the "etc" directory. Here are my http_access lines: ############################################################ # http_access deny all ############################################################# #Recommended minimum configuration: ############################################################# # Only allow cachemgr access from localhost ############################################################ http_access allow manager localhost ############################################################ http_access deny manager ############################################################ # Deny requests to unknown ports ############################################################ http_access deny !Safe_ports ############################################################ # Deny CONNECT to other than SSL ports ############################################################ http_access deny CONNECT !SSL_ports ############################################################ # We strongly recommend the following be uncommented to protect innocent # web applications running on the proxy server who think the only # one who can access services on "localhost" is a local user #http_access deny to_localhost # # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS # Example rule allowing access from your local networks. # Adapt localnet in the ACL section to list your (internal) IP networks # from where browsing should be allowed ############################################################ http_access allow localnet ############################################################ # And finally deny all other access to this proxy ############################################################ http_access allow localhost ############################################################ http_access deny all ############################################################ -----Original Message----- From: Chad Naugle [mailto:Chad.Naugle@xxxxxxxxxxx] Sent: Wednesday, December 29, 2010 7:14 AM To: Charles Roper Cc: squid-users@xxxxxxxxxxxxxxx Subject: RE: Allow untrusted ssl connections For the startup issue, edit the /etc/init.d/squid - script and check the PID file path. It may not be pointing to the Squid path of /var/log/squid/run, which I also believe is configurable by /etc/squid/squid.conf. For the access issue, paste your http_access lines, and please use '#' comments above each set of lines to be sure. --------------------------------------------- Chad E. Naugle Tech Support II, x. 7981 Travel Impressions, Ltd. >>> "Charles Roper" <charlzroper@xxxxxxxxx> 12/28/2010 5:01 PM >>> Chad - I really appreciate your help. I configured ACL as you suggested, uncommented the line you requested, and Firefox is throwing errors again. acl Safe_ports port 2087# whm acl SSL_ports port 2087# whm acl Safe_ports port 2083# cpanel acl SSL_ports port 2083# cpanel acl Safe_ports port 2096# webmail acl SSL_ports port 2096# webmail Firefox error: ------------------------------------------------------ The connection has timed out The server at x.x.x.x is taking too long to respond. * The site could be temporarily unavailable or too busy. Try again in a few moments. * If you are unable to load any pages, check your computer's network connection. * If your computer or network is protected by a firewall or proxy, make sure that Firefox is permitted to access the Web. --------------------------------------------------------- *That was trying to connect via https over port 2083. (regarding the commenting out of the !SSL line, is that insecure even though I'm the only one who will ever be accessing this proxy server?) Regarding the starting/stopping... I issued the commands you suggested and deleted PID file. Although Squid does start, it still reports as "Failed" for some reason. [root@maya ~]# ps -aux | grep squid Warning: bad syntax, perhaps a bogus '-'? See /usr/share/doc/procps-3.2.7/FAQ root 3671 0.0 0.0 3920 692 pts/0 S+ 13:52 0:00 grep squid [root@maya ~]# /etc/init.d/squid start Starting squid: .................... [FAILED] [root@maya ~]# ps -aux | grep squid Warning: bad syntax, perhaps a bogus '-'? See /usr/share/doc/procps-3.2.7/FAQ root 3681 0.0 0.1 7952 1128 ? Ss 13:53 0:00 squid -D squid 3683 0.0 0.6 10668 6444 ? S 13:53 0:00 (squid) -D squid 3685 0.0 0.0 1520 216 ? S 13:53 0:00 (unlinkd) root 3713 0.0 0.0 3920 692 pts/0 S+ 13:58 0:00 grep squid -----Original Message----- From: Chad Naugle [mailto:Chad.Naugle@xxxxxxxxxxx] Sent: Tuesday, December 28, 2010 1:42 PM To: Charles Roper Cc: squid-users@xxxxxxxxxxxxxxx Subject: RE: Allow untrusted ssl connections Make sure squid is not running, by doing a: "ps -aux | grep squid", and then delete the PID file. ALSO, do NOT comment that line out. Simply add the port(s) that you are using to the ACL, as opposed to just port 443, by simply adding lines. Example for Novell's Remote Manager, etc. By default Squid only allows selected ports in the same manner. acl Safe_ports port 8008 acl Safe_ports port 8009 acl SSL_ports port 8009 In your case, I am assuming you should use: acl SSL_ports port 2096 --------------------------------------------- Chad E. Naugle Tech Support II, x. 7981 Travel Impressions, Ltd. >>> "Charles Roper" <charlzroper@xxxxxxxxx> 12/28/2010 4:34 PM >>> Ok, I've upgraded to 2.7 STABLE9, created that directory you mentioned, and I can get it to start via "# squid start" For some reason, "# /etc/init.d/squid start" and "# /etc/init.d/squid restart" just time out with "FAILED" ... but at least it's starting now. I'm also having problems stopping: [root@maya ~]# squid stop 2010/12/28 13:24:44| Squid is already running! Process ID 3333 I think I fixed the "untrusted connection" issue by commenting out the following line: http_access deny CONNECT !SSL_ports **note, I tried that in v2.6 and it didn't make a difference** Any ideas on how I can resolve the starting/stopping problems I'm now experiencing? Thanks! -----Original Message----- From: Chad Naugle [mailto:Chad.Naugle@xxxxxxxxxxx] Sent: Tuesday, December 28, 2010 12:16 PM To: Charles Roper Cc: squid-users@xxxxxxxxxxxxxxx Subject: RE: Allow untrusted ssl connections Looks like the default settings. Perhaps someone can also chip in some configuration suggestions, but I do notice that the PID file directory might not exist, or squid doesn't have access to it. --------------------------------------------- Chad E. Naugle Tech Support II, x. 7981 Travel Impressions, Ltd. >>> "Charles Roper" <charlzroper@xxxxxxxxx> 12/28/2010 2:28 PM >>> Well, with a little help, I was able to update to 2.7, but now I can't start it. Here is cache.log: ---------------------------------------------- 2010/12/28 04:20:12| Starting Squid Cache version 2.7.STABLE9 for i386-redhat-linux-gnu... 2010/12/28 04:20:12| Process ID 3202 2010/12/28 04:20:12| With 1024 file descriptors available 2010/12/28 04:20:12| Using epoll for the IO loop 2010/12/28 04:20:12| DNS Socket created at 0.0.0.0, port 53333, FD 6 2010/12/28 04:20:12| Adding nameserver 10.10.10.1 from /etc/resolv.conf 2010/12/28 04:20:12| User-Agent logging is disabled. 2010/12/28 04:20:12| Referer logging is disabled. 2010/12/28 04:20:12| logfileOpen: opening log /var/log/squid/access.log 2010/12/28 04:20:12| Unlinkd pipe opened on FD 11 2010/12/28 04:20:12| Swap maxSize 2048000 + 262144 KB, estimated 177703 objects 2010/12/28 04:20:12| Target number of buckets: 8885 2010/12/28 04:20:12| Using 16384 Store buckets 2010/12/28 04:20:12| Max Mem size: 262144 KB 2010/12/28 04:20:12| Max Swap size: 2048000 KB 2010/12/28 04:20:12| Local cache digest enabled; rebuild/rewrite every 3600/3600 sec 2010/12/28 04:20:12| logfileOpen: opening log /var/log/squid/store.log 2010/12/28 04:20:12| Rebuilding storage in /var/spool/squid (DIRTY) 2010/12/28 04:20:12| Using Least Load store dir selection 2010/12/28 04:20:12| Set Current Directory to /var/spool/squid 2010/12/28 04:20:12| Loaded Icons. 2010/12/28 04:20:12| Accepting proxy HTTP connections at 0.0.0.0, port 8080, FD 13. 2010/12/28 04:20:12| Accepting ICP messages at 0.0.0.0, port 3130, FD 14. 2010/12/28 04:20:12| WCCP Disabled. 2010/12/28 04:20:12| /var/log/squid/run/squid.pid: (2) No such file or directory 2010/12/28 04:20:12| WARNING: Could not write pid file 2010/12/28 04:20:12| Ready to serve requests. 2010/12/28 04:20:12| Done reading /var/spool/squid swaplog (747 entries) 2010/12/28 04:20:12| Finished rebuilding storage from disk. 2010/12/28 04:20:12| 747 Entries scanned 2010/12/28 04:20:12| 0 Invalid entries. 2010/12/28 04:20:12| 0 With invalid flags. 2010/12/28 04:20:12| 747 Objects loaded. 2010/12/28 04:20:12| 0 Objects expired. 2010/12/28 04:20:12| 0 Objects cancelled. 2010/12/28 04:20:12| 0 Duplicate URLs purged. 2010/12/28 04:20:12| 0 Swapfile clashes avoided. 2010/12/28 04:20:12| Took 0.3 seconds (2547.6 objects/sec). 2010/12/28 04:20:12| Beginning Validation Procedure 2010/12/28 04:20:12| Completed Validation Procedure 2010/12/28 04:20:12| Validated 747 Entries 2010/12/28 04:20:12| store_swap_size = 7200k 2010/12/28 04:20:13| storeLateRelease: released 0 objects ---------------------------------------------------------- You just want me to copy/paste squid.conf? -----Original Message----- From: Chad Naugle [mailto:Chad.Naugle@xxxxxxxxxxx] Sent: Tuesday, December 28, 2010 10:47 AM To: Charles Roper Cc: squid-users@xxxxxxxxxxxxxxx Subject: RE: Allow untrusted ssl connections Okay, then please simply post the current squid.conf first -- chances are, it sounds like its not configured correctly, between that, and your browser configuration. --------------------------------------------- Chad E. Naugle Tech Support II, x. 7981 Travel Impressions, Ltd. >>> "Charles Roper" <charlzroper@xxxxxxxxx> 12/28/2010 1:23 PM >>> Any advice on how best to do that? This is my first linux box and I created it precisely to use it as a Squid Proxy. This steep learning curve is kind of intimidating :/ -----Original Message----- From: Chad Naugle [mailto:Chad.Naugle@xxxxxxxxxxx] Sent: Tuesday, December 28, 2010 10:05 AM To: Charles Roper Cc: squid-users@xxxxxxxxxxxxxxx Subject: RE: Allow untrusted ssl connections Okay ... Firstly, you should probably compile an updated version of Squid, using either the 2.7 or 3.1 branch from http://www.squid-cache.org, and then install it. That version of Squid is probably only current for your install of CentOS. Then post your configuration, it should be under /etc/squid, called squid.conf. --------------------------------------------- Chad E. Naugle Tech Support II, x. 7981 Travel Impressions, Ltd. >>> "Charles Roper" <charlzroper@xxxxxxxxx> 12/28/2010 12:52 PM >>> Of course, sorry. squid-2.6.STABLE21-6.el5.i386 CentOS release 5.5 (Final) When I try to install the latest stable version using "yum install squid", I get this: ------------------------------------------ # yum install squid Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile * addons: mirror.stanford.edu * base: mirrors.usc.edu * extras: mirror.its.uidaho.edu * updates: mirror.its.uidaho.edu Setting up Install Process Package 7:squid-2.6.STABLE21-6.el5.i386 already installed and latest version Nothing to do -------------------------------------------- Is there another way I should be updating? Thanks for the reply! -----Original Message----- From: Chad Naugle [mailto:Chad.Naugle@xxxxxxxxxxx] Sent: Tuesday, December 28, 2010 9:48 AM To: Charles Roper; squid-users@xxxxxxxxxxxxxxx Subject: Re: Allow untrusted ssl connections Can you report back with your version of Squid, and configuration? --------------------------------------------- Chad E. Naugle Tech Support II, x. 7981 Travel Impressions, Ltd. >>> Charles Roper <charlzroper@xxxxxxxxx> 12/28/2010 12:33 PM >>> Hello, I'm using Squid Proxy to access my home network while I'm away from the house ... I'm running into a bit of trouble with SSL connections. Using just a plain 'ol connection to the internet, occasionally , Firefox will warn me of "Untrusted Connection" on certain websites that I visit. I believe this is due to either invalid SSL certs or self-signed SSL certs. Either way, I do trust these sites ... some of them are my own! I tell Firefox that it's ok and it will let me view the sites as normal. The problem arises when I try to access those same sites through my home Squid Proxy instead of directly connecting to the internet. When I do that, Firefox throws a "Problem loading page error" : ------------------------------ Unable to connect Firefox can't establish a connection to the server at 8.8.8.8:2096. * The site could be temporarily unavailable or too busy. Try again in a few moments. * If you are unable to load any pages, check your computer's network connection. * If your computer or network is protected by a firewall or proxy, make sure that Firefox is permitted to access the Web. ----------------------------- I'm assuming this is a security configuration, but I really need to be able to access those sites through Squid Proxy. For years, I've been using OpenSSH with SpoonProxy (Windows-based) and it worked flawlessly, but this week I thought I'd make the switch to Squid Proxy to see if I noticed any improvements. I did notice many speed improvements, and this is the only problem that I've run into, so I'm hoping you can help me resolve it. Thanks - look forward to your reply! - Charles Travel Impressions made the following annotations ------------------------------------------------------------- "This message and any attachments are solely for the intended recipient and may contain confidential or privileged information. If you are not the intended recipient, any disclosure, copying, use, or distribution of the information included in this message and any attachments is prohibited. If you have received this communication in error, please notify us by reply e-mail and immediately and permanently delete this message and any attachments. Thank you." Travel Impressions made the following annotations ------------------------------------------------------------- "This message and any attachments are solely for the intended recipient and may contain confidential or privileged information. If you are not the intended recipient, any disclosure, copying, use, or distribution of the information included in this message and any attachments is prohibited. If you have received this communication in error, please notify us by reply e-mail and immediately and permanently delete this message and any attachments. Thank you." Travel Impressions made the following annotations ------------------------------------------------------------- "This message and any attachments are solely for the intended recipient and may contain confidential or privileged information. If you are not the intended recipient, any disclosure, copying, use, or distribution of the information included in this message and any attachments is prohibited. If you have received this communication in error, please notify us by reply e-mail and immediately and permanently delete this message and any attachments. Thank you." Travel Impressions made the following annotations ------------------------------------------------------------- "This message and any attachments are solely for the intended recipient and may contain confidential or privileged information. If you are not the intended recipient, any disclosure, copying, use, or distribution of the information included in this message and any attachments is prohibited. If you have received this communication in error, please notify us by reply e-mail and immediately and permanently delete this message and any attachments. Thank you." Travel Impressions made the following annotations ------------------------------------------------------------- "This message and any attachments are solely for the intended recipient and may contain confidential or privileged information. If you are not the intended recipient, any disclosure, copying, use, or distribution of the information included in this message and any attachments is prohibited. If you have received this communication in error, please notify us by reply e-mail and immediately and permanently delete this message and any attachments. Thank you." Travel Impressions made the following annotations ------------------------------------------------------------- "This message and any attachments are solely for the intended recipient and may contain confidential or privileged information. If you are not the intended recipient, any disclosure, copying, use, or distribution of the information included in this message and any attachments is prohibited. If you have received this communication in error, please notify us by reply e-mail and immediately and permanently delete this message and any attachments. Thank you." Travel Impressions made the following annotations ------------------------------------------------------------- "This message and any attachments are solely for the intended recipient and may contain confidential or privileged information. If you are not the intended recipient, any disclosure, copying, use, or distribution of the information included in this message and any attachments is prohibited. If you have received this communication in error, please notify us by reply e-mail and immediately and permanently delete this message and any attachments. Thank you." Travel Impressions made the following annotations ------------------------------------------------------------- "This message and any attachments are solely for the intended recipient and may contain confidential or privileged information. If you are not the intended recipient, any disclosure, copying, use, or distribution of the information included in this message and any attachments is prohibited. If you have received this communication in error, please notify us by reply e-mail and immediately and permanently delete this message and any attachments. Thank you." Travel Impressions made the following annotations ------------------------------------------------------------- "This message and any attachments are solely for the intended recipient and may contain confidential or privileged information. If you are not the intended recipient, any disclosure, copying, use, or distribution of the information included in this message and any attachments is prohibited. If you have received this communication in error, please notify us by reply e-mail and immediately and permanently delete this message and any attachments. Thank you." Travel Impressions made the following annotations ------------------------------------------------------------- "This message and any attachments are solely for the intended recipient and may contain confidential or privileged information. If you are not the intended recipient, any disclosure, copying, use, or distribution of the information included in this message and any attachments is prohibited. If you have received this communication in error, please notify us by reply e-mail and immediately and permanently delete this message and any attachments. Thank you." Travel Impressions made the following annotations ------------------------------------------------------------- "This message and any attachments are solely for the intended recipient and may contain confidential or privileged information. If you are not the intended recipient, any disclosure, copying, use, or distribution of the information included in this message and any attachments is prohibited. If you have received this communication in error, please notify us by reply e-mail and immediately and permanently delete this message and any attachments. Thank you." Travel Impressions made the following annotations ------------------------------------------------------------- "This message and any attachments are solely for the intended recipient and may contain confidential or privileged information. If you are not the intended recipient, any disclosure, copying, use, or distribution of the information included in this message and any attachments is prohibited. If you have received this communication in error, please notify us by reply e-mail and immediately and permanently delete this message and any attachments. Thank you." Travel Impressions made the following annotations ------------------------------------------------------------- "This message and any attachments are solely for the intended recipient and may contain confidential or privileged information. If you are not the intended recipient, any disclosure, copying, use, or distribution of the information included in this message and any attachments is prohibited. If you have received this communication in error, please notify us by reply e-mail and immediately and permanently delete this message and any attachments. Thank you." Travel Impressions made the following annotations ------------------------------------------------------------- "This message and any attachments are solely for the intended recipient and may contain confidential or privileged information. If you are not the intended recipient, any disclosure, copying, use, or distribution of the information included in this message and any attachments is prohibited. If you have received this communication in error, please notify us by reply e-mail and immediately and permanently delete this message and any attachments. Thank you." Travel Impressions made the following annotations ------------------------------------------------------------- "This message and any attachments are solely for the intended recipient and may contain confidential or privileged information. If you are not the intended recipient, any disclosure, copying, use, or distribution of the information included in this message and any attachments is prohibited. If you have received this communication in error, please notify us by reply e-mail and immediately and permanently delete this message and any attachments. Thank you." Travel Impressions made the following annotations ------------------------------------------------------------- "This message and any attachments are solely for the intended recipient and may contain confidential or privileged information. If you are not the intended recipient, any disclosure, copying, use, or distribution of the information included in this message and any attachments is prohibited. If you have received this communication in error, please notify us by reply e-mail and immediately and permanently delete this message and any attachments. Thank you."
