my mistake - I have this line commented out in the original configuration.
When I put the configuration in a letter - accidentally deleted the comment
character "#"
Amos Jeffries писал 09.06.2014 10:12:
On 9/06/2014 6:24 p.m., Дмитрий Шиленко wrote:
This is my config file:
http_port 127.0.0.1:3128
http_port 127.0.0.1:3129 intercept
Okay, so Squid takes in:
* forward-proxy traffic to port 3128
* NAT intercepted port 80 traffc (via port 3129)
Google does not use HTTP anymore. They use HTTPS almost exclusively.
Which means port 443 TLS encrypted traffic or CONNECT requests over port
3128.
But...
connect_timeout 20 second
dns_v4_first on
shutdown_lifetime 1 seconds
cache deny all
#cache_mem 256 MB
#maximum_object_size_in_memory 512 KB
coredump_dir /usr/local/squid
access_log daemon:/usr/local/squid/log/access.log squid
#strip_query_terms off
log_mime_hdrs on
#forwarded_for transparent
#via off
cache_mgr root@localhost
visible_hostname proxy.localnet.local
acl localnet src 192.168.0.0/24 # RFC1918 possible internal network
acl CONNECT method CONNECT
acl AdminsIP src "/usr/local/etc/squid/AccessLists/AdminsIP.txt"
acl RestrictedDomains dstdomain
"/usr/local/etc/squid/AccessLists/RestrictedDomains.txt"
acl MimeAudioVideo rep_mime_type audio video
acl UrlIP url_regex -i
^http://[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}/.*
http_access allow manager localhost
#http_access allow manager CacheManagerIP
http_access deny manager
#Значение disable all отключает управление кэшем
#cachemgr_passwd disable all
http_access deny CONNECT
... you have denied all use of CONNECT. Even to transfer HTTPS.
The default recommended config has "!SSL_Ports" on the end of that line
in order to permit HTTPS traffic like google through the proxy.
Also, check that you are NOT intercepting or bocking port 443. Your
Squid is currently not setup to handle TLS/SSL.
Amos
http_access deny to_localhost
http_access allow AdminsIP
http_access deny RestrictedDomains
#http_access deny UrlIP
http_access allow localnet
http_access deny all
#http_reply_access allow AdminsIP
#http_reply_access deny MimeAudioVideo
http_reply_access allow all
#refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
Amos Jeffries писал 09.06.2014 04:11:
On 9/06/2014 3:10 a.m., Дмитрий Шиленко wrote:
There is a very strange problem. I have freebsd 9.1 gateway configured
with ipfv ipnat and I decided to set up a squid. Installed from ports
SQUID 3.3. As soon as I run it - gugle.tsom immediately blocks my
network and try to access the search engine says that my requests are
sent automatically.Once turn off the squid - all ok. Prompt in what
could be the problem?
Something in the configuration. But you omitted those details aong with
the actual error message details. So we cannot help more than that.
Amos
--
С ув. Шиленко Дмитрий
Системный инженер
global-it.com.ua
моб. (063)142-32-59
офис 221-55-72
