
Re: squid 3.3.5 http and https transparent proxy


> On 8/06/2013 2:39 a.m., MyName IsLive wrote:
> > Look, I just need a server to set as the gateway on all my clients, with ALL their traffic passing through my server, so that I can log all the traffic, all HTTP and HTTPS traffic.
> >
> > I already pasted all my config and I did all the changes npf-mlists@xxxxxxxxxxx said, but that is the log file!
> > I can visit HTTP sites, but as I said, http://yahoo.com is OK and I can visit it, but when I click on another link from inside the yahoo.com website I cannot visit it: "Internet explorer cannot display the webpage". Same with Chrome and Firefox!
> >
> > For HTTPS I tried with https://facebook.com; not working means this:
> >
> >>> 1370611784.763 2407 192.168.4.99 TCP_MISS/200 1376 GET http://www.facebook.com/ - HIER_DIRECT/31.13.86.8 text/html
> >>> 1370611784.790 0 192.168.4.99 NONE/400 3972 NONE error:invalid-request - HIER_NONE/- text/html
> >>> 1370611801.238 0 192.168.4.99 NONE/400 3972 NONE error:invalid-request - HIER_NONE/- text/html
> > I compiled from source code and these are the parameters that I passed to configure:
> > ./configure --enable-ssl --enable-ssl-crtd --enable-linux-netfilter --enable-ltdl-convenienc
> >
> > If you need more information that I missed, please let me know :)
> 
> His instructions were not quite correct. You require intercept flag on 
> *both* Squid receiving ports to de-NAT the TCP layer and parse the HTTP 
> origin server message syntax which is used on port 80 and 443. You 
> require ssl-bump flag and the related ssl settings on the https_port to 
> enable proper security handling of intercepted port 443 traffic. The 
> ssl-bump settings usage on the http_port along with intercept is 
> optional, but rarely useful as CONNECT messages on port 80 are undefined.

Yes.. Amos is correct. My mistake.

When I said:

>>>>> Change
>>>>>
>>>>> http_port 3128 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/usr/local/squid/ssl_cert/myCA.pem
>>>>>
>>>>> to
>>>>>
>>>>> http_port 3128 intercept
>>>>> https_port 3127 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/usr/local/squid/ssl_cert/myCA.pem
>>>>>

Should be:

Change
http_port 3128 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/usr/local/squid/ssl_cert/myCA.pem

to

http_port 3128 intercept
https_port 3127 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/usr/local/squid/ssl_cert/myCA.pem

Best regards,
Nuno Fernandes
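
The rules stated in this thread can be checked mechanically. The following is an added example, not part of the original messages or of Squid itself: a small Python check applied to the port lines of a squid.conf. The function names and the sample excerpt are constructed for illustration, and it assumes every http_port/https_port line in the file is meant to receive intercepted traffic.

```python
# Constructed sample: the first suggestion quoted in the thread,
# where the https_port line lacks the "intercept" flag.
SAMPLE_CONF = """\
# squid.conf excerpt (constructed for this example)
http_port 3128 intercept
https_port 3127 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/usr/local/squid/ssl_cert/myCA.pem
"""

def parse_ports(conf_text):
    """Return (lineno, directive, port_spec, flags, options) for each port line."""
    ports = []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        tokens = line.split()
        if tokens[0] not in ("http_port", "https_port") or len(tokens) < 2:
            continue
        # Bare words are mode flags; key=value tokens are options.
        flags = {t for t in tokens[2:] if "=" not in t}
        opts = dict(t.split("=", 1) for t in tokens[2:] if "=" in t)
        ports.append((lineno, tokens[0], tokens[1], flags, opts))
    return ports

def lint_intercept_ports(conf_text):
    """Apply the thread's rules; assumes all port lines are interception ports."""
    findings = []
    for lineno, directive, spec, flags, opts in parse_ports(conf_text):
        where = f"line {lineno} ({directive} {spec})"
        if "intercept" not in flags:
            findings.append(f"{where}: missing 'intercept'")
        if directive == "https_port":
            if "ssl-bump" not in flags:
                findings.append(f"{where}: missing 'ssl-bump'")
            if "cert" not in opts:
                findings.append(f"{where}: missing cert=")
        elif "ssl-bump" in flags:
            findings.append(f"{where}: 'ssl-bump' on http_port is optional, rarely useful")
    return findings

if __name__ == "__main__":
    for finding in lint_intercept_ports(SAMPLE_CONF):
        print(finding)
```

A port deliberately left without intercept (for example a forward-proxy port for explicitly configured clients) will be reported too, because of the assumption above.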



