Search squid archive

squid 3.5.4 and ssl-bump

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi Amos... 

ok now I upgrade recompile again everything from 3.4.8 to 3.5.4

this is the conf

root@debian-template:/usr/local/squid/sbin# ./squid -k parse  
2015/05/22 03:08:17| Startup: Initializing Authentication Schemes ...
2015/05/22 03:08:17| Startup: Initialized Authentication Scheme 'basic'
2015/05/22 03:08:17| Startup: Initialized Authentication Scheme 'digest'
2015/05/22 03:08:17| Startup: Initialized Authentication Scheme 'negotiate'
2015/05/22 03:08:17| Startup: Initialized Authentication Scheme 'ntlm'
2015/05/22 03:08:17| Startup: Initialized Authentication.
2015/05/22 03:08:17| Processing Configuration File: /etc/squid3/squid.conf (depth 0)
2015/05/22 03:08:17| Processing: http_port 172.16.1.10:3128
2015/05/22 03:08:17| Processing: https_port 172.16.1.10:3129 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid3/ssl/myCA.pem cipher=ECDHE-RSA-RC4
-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:DHE-RSA-CAMELLIA128-SHA:AES128-SHA:RC4-SHA:HIGH:!aNULL:!MD5:!ADH
2015/05/22 03:08:17| Starting Authentication on port 172.16.1.10:3129
2015/05/22 03:08:17| Disabling Authentication on port 172.16.1.10:3129 (interception enabled)
2015/05/22 03:08:17| Processing: acl QUERY urlpath_regex cgi-bin \?
2015/05/22 03:08:17| Processing: no_cache deny QUERY
2015/05/22 03:08:17| Processing: access_log /var/log/squid3/access.log squid
2015/05/22 03:08:17| Processing: coredump_dir /var/spool/squid3
2015/05/22 03:08:17| Processing: refresh_pattern ^ftp:       1440    20% 10080
2015/05/22 03:08:17| Processing: refresh_pattern ^gopher:    1440    0%  1440
2015/05/22 03:08:17| Processing: refresh_pattern -i (/cgi-bin/|\?) 0 0%  0
2015/05/22 03:08:17| Processing: refresh_pattern .       0   20% 4320
2015/05/22 03:08:17| Processing: cache_dir aufs /var/spool/squid3 4096 16 256
2015/05/22 03:08:17| Processing: refresh_pattern -i \.(gif|png|jpg|jpeg|ico)$ 3600       90%     43200
2015/05/22 03:08:17| Processing: acl SSL_ports port 25      # Protocols
2015/05/22 03:08:17| Processing: acl SSL_ports port 110      # to can
2015/05/22 03:08:17| Processing: acl SSL_ports port 143     # allow hit
2015/05/22 03:08:17| Processing: acl SSL_ports port 465     # gmail account
2015/05/22 03:08:17| Processing: acl SSL_ports port 587     # on the
2015/05/22 03:08:17| Processing: acl SSL_ports port 993     # internet
2015/05/22 03:08:17| Processing: acl SSL_ports port 995     # behind a firewall
2015/05/22 03:08:17| Processing: acl SSL_ports port 443
2015/05/22 03:08:17| Processing: acl SSL_ports port 563
2015/05/22 03:08:17| Processing: acl Safe_ports port 80      # http
2015/05/22 03:08:17| Processing: acl Safe_ports port 21      # ftp
2015/05/22 03:08:17| Processing: acl Safe_ports port 443     # https
2015/05/22 03:08:17| Processing: acl Safe_ports port 70      # gopher
2015/05/22 03:08:17| Processing: acl Safe_ports port 210     # wais
2015/05/22 03:08:17| Processing: acl Safe_ports port 1025-65535  # unregistered ports
2015/05/22 03:08:17| Processing: acl Safe_ports port 280     # http-mgmt
2015/05/22 03:08:17| Processing: acl Safe_ports port 488     # gss-http
2015/05/22 03:08:17| Processing: acl Safe_ports port 591     # filemaker
2015/05/22 03:08:17| Processing: acl Safe_ports port 777     # multiling http
2015/05/22 03:08:17| Processing: acl CONNECT method CONNECT
2015/05/22 03:08:17| Processing: acl purge method PURGE
2015/05/22 03:08:17| Processing: acl network src 172.16.1.0/24
2015/05/22 03:08:17| Processing: cache_mem 64 MB
2015/05/22 03:08:17| Processing: http_access allow manager localhost
2015/05/22 03:08:17| Processing: http_access deny manager
2015/05/22 03:08:17| Processing: http_access deny !Safe_ports
2015/05/22 03:08:17| Processing: http_access deny CONNECT !SSL_ports
2015/05/22 03:08:17| Processing: http_access allow localhost
2015/05/22 03:08:17| Processing: http_access allow network CONNECT
2015/05/22 03:08:17| Processing: http_access deny all
2015/05/22 03:08:17| Processing: ssl_bump server-first all
2015/05/22 03:08:17| Processing: sslcrtd_program /usr/local/squid/libexec/ssl_crtd -s /var/spool/squid3_ssldb -M 4MB sslcrtd_children 8 startup=1 idle=1
2015/05/22 03:08:17| Processing: sslproxy_version 3
2015/05/22 03:08:17| Processing: sslproxy_options ALL
2015/05/22 03:08:17| Processing: always_direct allow all
2015/05/22 03:08:17| Processing: never_direct allow all
2015/05/22 03:08:17| Processing: max_filedesc 16384
2015/05/22 03:08:17| Processing: dns_nameservers 8.8.8.8
2015/05/22 03:08:17| Processing: dns_nameservers 8.8.4.4
2015/05/22 03:08:17| Processing: positive_dns_ttl 8 hours
2015/05/22 03:08:17| Processing: negative_dns_ttl 30 seconds
2015/05/22 03:08:17| Initializing https proxy context
2015/05/22 03:08:17| Initializing https_port 172.16.1.10:3129 SSL context
2015/05/22 03:08:17| Using certificate in /etc/squid3/ssl/myCA.pem

and now the error is different.

can't see any site... http or https

and the logs said...

1432278470.317      0 172.16.1.20 TAG_NONE/400 388 HEAD /v11/2/windowsupdate/redir/v6-win7sp1-wuredir.cab?1505220707 - HIER_NONE/- text/html
1432278470.320      0 172.16.1.20 TAG_NONE/400 2223 GET /v11/2/windowsupdate/redir/v6-win7sp1-wuredir.cab?1505220707 - HIER_NONE/- text/html
1432278470.323      0 172.16.1.20 TAG_NONE/400 388 HEAD /v11/2/windowsupdate/redir/v6-win7sp1-wuredir.cab?1505220707 - HIER_NONE/- text/html
1432278470.327      0 172.16.1.20 TAG_NONE/400 2223 GET /v11/2/windowsupdate/redir/v6-win7sp1-wuredir.cab?1505220707 - HIER_NONE/- text/html
1432278472.729      0 172.16.1.20 TAG_NONE/400 2193 GET /pki/crl/products/MicRooCerAut_2010-06-23.crl - HIER_NONE/- text/html
1432278477.871      0 172.16.1.20 TAG_NONE/400 2159 GET /pki/crl/products/WinPCA.crl - HIER_NONE/- text/html
1432278482.222      0 172.16.1.20 TAG_NONE/400 2333 POST /service/update2?cup2key=5:1028882439&cup2hreq=1beabeae3a9008aa500f171f3efd92cac82574e42989d76d9104766a07e2e021 - HIER_NONE/- text/html
1432278482.244      0 172.16.1.20 TAG_NONE/400 2333 POST /service/update2?cup2key=5:3993259034&cup2hreq=1beabeae3a9008aa500f171f3efd92cac82574e42989d76d9104766a07e2e021 - HIER_NONE/- text/html
1432278483.049      0 172.16.1.20 TAG_NONE/400 2201 GET /pki/crl/products/MicRooCerAut2011_2011_03_22.crl - HIER_NONE/- text/html

remember we need to check http normal use with acl syntaxs (that part is ok, just need the config ok to can see the same using this ssl-bump for example domains as facebook or similar)

thanxs
--
Antonio Peña
Secure email with PGP 0x8B021001 available at https://pgp.mit.edu
Fingerprint: 74E6 2974 B090 366D CE71  7BB2 6476 FA09 8B02 1001
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users

[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux