Thank you for your quick response.
First of all forgive me for the lack of information in the first email. I've tried to disable QUIC a few minutes ago and the problem persists. Follow the information requested:
-> Compilation:
I've installed squid using the following commands:
cd /usr/src
apt-get install squid3
tar xvzf squid-3.5.15-20160330-r14015.tar.gz
cd squid-3.5.15-20160330-r14015
apt-get build-dep squid3 && apt-get install build-essential libssl-dev
./configure --enable-icap-client --enable-ssl --enable-ssl-crtd --prefix=/usr --includedir=/usr/include --mandir=/usr/share/man --infodir=/usr/share/info --sysconfdir=/etc --localstatedir=/var --libexecdir=/lib/squid3 --srcdir=. --datadir=/usr/share/squid3 --sysconfdir=/etc/squid3 --mandir=/usr/share/man --with-default-user=squid --with- cppunit-config-basedir=/usr --with-logdir=/var/log/squid3 --with-pidfile=/var/run/squid3.pid --with-openssl --disable-optimizations --disable-arch-native
service squid3 stop
make all && make install
useradd squid && chown -R squid:squid /var/log/squid3
mv /usr/sbin/squid3 /usr/sbin/squid3.old && mv/usr/sbin/squid /usr/sbin/squid3
/lib/squid3/ssl_crtd -c -s /var/lib/ssl_db -M 4 MB
chown -R squid:squid /var/lib/ssl_db
service squid3 restart && service squid3 stop && chmod 777 /var/spool/squid3 && squid3 -z && service squid3 restart
OBS: We're not using ssl_crtd/ssl_db anymore. Our previous squid conf was using intercept, but the actual one isn't configured as transparent proxy.
-> Platform of the gateway:
Distributor ID: Debian
Description: Debian GNU/Linux 8.4 (jessie)
Release: 8.4
Codename: jessie
-> Squid:
Squid Cache: Version 3.5.15-20160324-r14011
Service Name: squid
configure options: '--enable-icap-client' '--enable-ssl' '--enable-ssl-crtd' '--prefix=/usr' '--includedir=/usr/include' '--infodir=/usr/share/info' '--sysconfdir=/etc' '--localstatedir=/var' '--libexecdir=/lib/squid3' '--srcdir=.' '--datadir=/usr/share/squid3' '--sysconfdir=/etc/squid3' '--mandir=/usr/share/man' '--with-default-user=squid' '--with-cppunit-config-basedir=/usr' '--with-logdir=/var/log/squid3' '--with-pidfile=/var/run/squid3.pid' '--with-openssl' '--disable-arch-native'
-> Squid.conf:
http_port 3128
visible_hostname gateway
cache_mgr william@xxxxxxxxxxxxxxxxxxxxxx
error_directory /usr/share/squid3/errors/Portuguese
access_log /var/log/squid3/access.log
hierarchy_stoplist cgi-bin ?
cache_mem 2048 MB
maximum_object_size_in_memory 100 MB
cache_dir ufs /var/spool/squid3 307200 16 256
maximum_object_size 4096 MB
minimum_object_size 0 MB
cache_swap_low 90
cache_swap_high 95
refresh_pattern ^ftp: 360 20% 2280
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 2280
cache_log /var/log/squid3/cache.log
acl localhost src 127.0.0.1/32
acl localnet src 192.168.0.0/24
acl localnetd dst 192.168.0.0/24
acl manager proto cache_object
http_access allow manager localhost
http_access deny manager
acl purge method PURGE
http_access allow purge localhost
http_access deny purge
acl Safe_ports port 21
acl Safe_ports port 70
acl Safe_ports port 80
acl Safe_ports port 210
acl Safe_ports port 280
acl Safe_ports port 443
acl Safe_ports port 488
acl Safe_ports port 563
acl Safe_ports port 591
acl Safe_ports port 631
acl Safe_ports port 777
acl Safe_ports port 873
acl Safe_ports port 901
acl Safe_ports port 1025-65535
http_access deny !Safe_ports
acl SSL_ports port 443
acl SSL_ports port 563
acl SSL_ports port 873
acl connect method CONNECT
http_access deny connect !SSL_ports
acl FTP proto FTP
always_direct allow FTP
acl reqliberacaotmp src "/etc/firewall/ips_liberados_tmp.txt"
acl reqliberacaofixo src "/etc/firewall/ips_liberados_fixo.txt"
http_access allow reqliberacaotmp reqliberacaofixo
acl sitesliberadosfixo dstdom_regex -i "/etc/firewall/sites_liberados_fixo.txt"
acl sitesliberadostmp dstdom_regex -i "/etc/firewall/sites_liberados_tmp.txt"
acl almoco time MTWHF 11:50-13:30
acl manha time MTWHF 00:01-08:30
acl noite time MTWHF 18:00-23:59
http_access allow localhost sitesliberadosfixo
http_access allow localhost sitesliberadostmp
http_access allow localnet sitesliberadosfixo
http_access allow localnet sitesliberadostmp
http_access allow localhost almoco
http_access allow localnet almoco
http_access allow localhost manha
http_access allow localnet manha
http_access allow localhost noite
http_access allow localnet noite
http_access deny !sitesliberadosfixo !sitesliberadostmp !reqliberacaotmp !reqliberacaofixo
http_access allow localhost
http_access allow localnet
http_access allow localnetd
http_access deny !localhost !localnet !localnetd
http_access deny all
I'll send access.log in next e-mail, otherwise message body will be too big.
William Ivanski
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
