Hi all,
I'm using squid 3.5.12.
This is my relevant config:
http_port 881
http_port 880 intercept
https_port 843 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/usr/local/squid/etc/cert.pem key=/usr/local/squid/etc/cert.pem options=NO_SSLv3:NO_SSLv2 cipher=ECDHE-RSA-RC4-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:DHE-RSA-CAMELLIA128-SHA:AES128-SHA:RC4-SHA:HIGH:!aNULL:!MD5:!ADH
sslcrtd_program /usr/local/squid/libexec/ssl_crtd -s /usr/local/squid/etc/ssl/certs -M 4MB sslcrtd_children 8 startup=1 idle=1
#### Denied Users
acl equipos_denegados src "/usr/local/squid/etc/equipos_denegados"
http_access deny equipos_denegados
deny_info DENY equipos_denegados
#### Allowed users
acl equipos_permitidos src "/usr/local/squid/etc/equipos_permitidos"
http_access allow equipos_permitidos
####
#### Denied Sites
acl sitios_denegados dstdomain "/usr/local/squid/etc/sitiosdenegados"
http_access deny sitios_denegados
####
#### Block HTTPS
acl blockhttps ssl::server_name "/usr/local/squid/etc/sitiosdenegados"
ssl_bump terminate blockhttps
ssl_bump splice equipos_permitidos
ssl_bump peek all
ssl_bump splice all
####
sslproxy_cert_error allow all
sslproxy_flags DONT_VERIFY_PEER
sslproxy_options NO_SSLv3:NO_SSLv2
Basically I'm using squid to allow everything and deniy some users (hosts) and some sites (http and https).
If I use IE or Firefox (Win/Lin), everything works great, if I access a site via HTTP the user see a message and if he access via HTTPS the conecction is terminated and there is an error on the browser.
But, If I access any google site using chrome (windows / linux) the sites are getting bumped (google.com, google.com.X youtube.com, etc)
The browser complains with a "Your conecction is not private" and the certificate is my own certificate.
I'm missing something ?
I only what to splice everythng.
Thanks
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users