
windowsupdate and ssl_bump


 



Hi,

 

We are using a 3.4.8 squid Proxy in intercept mode via wccp.

Squid intercepts HTTP and HTTPS via ssl_bump.

All is working fine except that Windows Machines can’t do a Windows Update.

It is not working at all, giving an error 80072F8F.

With HTTPS redirection disabled, all works fine.

 

Does anyone know how to maintain the SSL interception with a functional Windows Update?

 

Thanks

 

Josep

 

 

Squid.conf:

 

 

# Disable Cache for defined domains

acl disable-dom-cache dstdomain -i "/etc/squid3/no-cache.acl"

cache deny disable-dom-cache

cache allow all

 

# HTTPS (SSL) traffic interception options

sslcrtd_program /usr/lib/squid3/ssl_crtd -s /var/spool/squid3_ssldb -M 4MB

sslcrtd_children 8 startup=1 idle=1

# Disable ssl_bump for defined domains (using rDNS does not always work!)

acl disable-ssl-bump dstdomain -i "/etc/squid3/no-ssl-bump.acl"

ssl_bump none disable-ssl-bump

ssl_bump server-first all

 

# Videos/Musics/Images/Libraries Accelerator

store_id_program /etc/squid3/ut-storeid.php

store_id_children 25 startup=10 idle=5 concurrency=0

acl storeiddoms dstdomain -i '/etc/squid3/api-storeid-trial.txt'

store_id_access allow storeiddoms

store_id_access deny all

 

client_dst_passthru off

 

http_access allow all

 

http_port 3128

http_port 8080 intercept

https_port 8081 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid3/ssl_cert/squidcert.pem

 

forward_max_tries 25

cache_mem 2 GB

maximum_object_size_in_memory 25 MB

maximum_object_size 1 GB

 

visible_hostname squid-v2

 

coredump_dir /var/spool/squid3

cache_replacement_policy heap LFUDA

cache_dir aufs /var/spool/squid3 45000 16 256

 

refresh_pattern ^http:\/\/.*\.unveiltech\.internal.*  10080 80%  79900  override-expire override-lastmod refresh-ims reload-into-ims ignore-reload ignore-no-store ignore-private ignore-auth ignore-must-revalidate

refresh_pattern ^ftp: 1440 20% 10080

refresh_pattern ^gopher: 1440 0% 10080

refresh_pattern -i (/cgi-bin/|\?) 0 0% 0

refresh_pattern . 0 80% 10080

 

 

# FortiGate interface of wccp

wccp2_router 192.168.111.1

# wccp version 2 configuration

wccp2_service standard 90

# tunneling method GRE for forward traffic

wccp2_forwarding_method gre

# tunneling method GRE for return traffic

wccp2_return_method gre

# which interface to use for WCCP (0.0.0.0 determines the interface from routing)

wccp2_address 0.0.0.0

 

snmp_port 3401

snmp_access allow all
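
The configuration comment above notes that the rDNS-based ssl_bump exemption does not always work. As an added illustration (not part of the original message and not Squid's own code), this Python model shows how a dstdomain ACL resolves for an intercepted connection when only the destination IP is known and the name has to come from reverse DNS. The ACL entries, IP addresses and PTR names are constructed samples, and the function names are hypothetical.

```python
# Added illustration; a simplified model, not Squid source code.
# SAMPLE_ACL and SAMPLE_PTR are constructed; 192.0.2.0/24 is a documentation range.

SAMPLE_ACL = """\
# sample contents for a file such as /etc/squid3/no-ssl-bump.acl
.windowsupdate.com
.update.microsoft.com
"""

SAMPLE_PTR = {
    "192.0.2.10": "edge-10.cdn.example.net",   # PTR names a CDN host, not the service
    "192.0.2.20": "fe1.update.microsoft.com",  # PTR happens to match the ACL
    # 192.0.2.30 has no PTR record at all
}

def load_acl(text):
    """One dstdomain entry per line; blank lines and '#' comment lines are skipped."""
    lines = (line.strip() for line in text.splitlines())
    return [line for line in lines if line and not line.startswith("#")]

def dstdomain_match(host, entries):
    """'.example.com' covers the domain and its subdomains;
    'example.com' matches that exact host only. Case-insensitive (-i)."""
    host = host.lower().rstrip(".")
    for entry in entries:
        e = entry.lower()
        if e.startswith("."):
            if host == e[1:] or host.endswith(e):
                return True
        elif host == e:
            return True
    return False

def bump_decision(dst_ip, ptr_table, entries):
    """Model of the two ssl_bump rules in the posted config, in order.
    ptr_table stands in for reverse DNS; a missing key means no PTR record."""
    name = ptr_table.get(dst_ip)
    if name is not None and dstdomain_match(name, entries):
        return "none"          # ssl_bump none disable-ssl-bump
    return "server-first"      # ssl_bump server-first all

if __name__ == "__main__":
    acl = load_acl(SAMPLE_ACL)
    for ip in ("192.0.2.10", "192.0.2.20", "192.0.2.30"):
        print(ip, SAMPLE_PTR.get(ip, "<no PTR>"), "->", bump_decision(ip, SAMPLE_PTR, acl))
```

Only the second sample address is exempted; the other two are bumped even though the ACL lists the service's domains, because the reverse lookup never yields a name inside those domains.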

 
