Hi, I've been trying to configure intercepting proxy with privoxy as a cache_peer. This is my Squid configuration: acl all src all acl SSL_ports port 443 acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 # https acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl CONNECT method CONNECT #http_access deny !Safe_ports #http_access deny CONNECT !SSL_ports http_access allow all # stop squid taking forever to restart. shutdown_lifetime 3 second client_dst_passthru off host_verify_strict off # IMPORTANT! squid requires at least one forward-proxy port configured # http://wiki.squid-cache.org/KnowledgeBase/NoForwardProxyPorts http_port 0.0.0.0:3127 http_port 0.0.0.0:3128 intercept https_port 0.0.0.0:3129 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid/ssl_certs/squid.pem sslcrtd_program /usr/lib/squid/ssl_crtd -s /var/lib/squid/ssl_db -M 4MB sslcrtd_children 8 startup=1 idle=1 sslproxy_capath /etc/ssl/certs acl step1 at_step SslBump1 ssl_bump peek step1 ssl_bump bump all cache_peer 127.0.0.1 parent 8118 7 no-query default no-digest no-netdb-exchange proxy-only ssl never_direct allow all cache_mem 8 MB maximum_object_size_in_memory 32 KB # Disable the Via and X-Forwarded-For field from the request header to avoid # leaking the use of a proxy and client ip address via off forwarded_for off follow_x_forwarded_for deny all request_header_access X-Forwarded-For deny all #cache_dir ufs /var/spool/squid 1024 16 256 #coredump_dir /var/cache/squid cache deny all refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 refresh_pattern . 0 20% 4320 Now when making a request, privoxy prints out following: 2017-01-11 00:36:51.420 7fe4872a4700 Connect: Accepted connection from 127.0.0.1 on socket 4 2017-01-11 00:36:51.421 7fe4872a4700 Received: from socket 4: \x16\x03\x01\x010\x01\x00\x01,\x03\x03xfOz\xc3\xc2\xf8\xf6\xc4\x972Y\xe5w\xf0\xd7\x98\xb5\xd3\x99\xfb\x97P%\x0aX\x1f\xefs\x91\xc6d\x00\x00\xaa\xc00\xc0,\xc0(\xc0$\xc0\x14\xc0\x0a\x00\xa5\x00\xa3\x00\xa1\x00\x9f\x00k\x00j\x00i\x00h\x009\x008\x007\x006\x00\x88\x00\x87\x00\x86\x00\x85\xc02\xc0.\xc0*\xc0&\xc0\x0f\xc0\x05\x00\x9d\x00=\x005\x00\x84\xc0/\xc0+\xc0'\xc0#\xc0\x13\xc0\x09\x00\xa4\x00\xa2\x00\xa0\x00\x9e\x00g\x00@\x00?\x00>\x003\x002\x001\x000\x00\x9a\x00\x99\x00\x98\x00\x97\x00E\x00D\x00C\x00B\xc01\xc0-\xc0)\xc0%\xc0\x0e\xc0\x04\x00\x9c\x00<\x00/\x00\x96\x00A\xc0\x11\xc0\x07\xc0\x0c\xc0\x02\x00\x05\x00\x04\xc0\x12\xc0\x08\x00\x16\x00\x13\x00\x10\x00\x0d\xc0\x0d\xc0\x03\x00\x0a\x00\xff\x01\x00\x00Y\x00\x0b\x00\x04\x03\x00\x01\x02\x00\x0a\x00\x1c\x00\x1a\x00\x17\x00\x19\x00\x1c\x00\x1b\x00\x18\x00\x1a\x00\x16\x00\x0e\x00\x0d\x00\x0b\x00\x0c\x00\x09\x00\x0a\x00#\x00\x00\x00\x0d\x00 \x00\x1e\x06\x01\x06\x02\x06\x03\x05\x01\x05\x02\x05\x03\x04\x01\x04\x02\x04\x03\x03\x01\x03\x02\x03\x03\x02\x01\x02\x02\x02\x03\x00\x0f\x00\x01\x013t\x00\x00 2017-01-11 00:37:21.450 7fe4872a4700 Connect: The client side of the connection on socket 4 got closed without sending a complete request line. It seems like the bumped request is missing the CONNECT line and privoxy gets confused. Squid version: Squid Cache: Version 3.5.23 Service Name: squid configure options: 'CHOST=x86_64-pc-linux-gnu' 'CFLAGS=-march=core2 -O2 -pipe' 'CXXFLAGS=' '--build=x86_64-linux-gnu' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--libdir=/usr/lib' '--sharedstatedir=/usr/com' '--includedir=/usr/include' '--localstatedir=/var' '--libexecdir=/usr/lib/squid' '--srcdir=.' '--datadir=/usr/share/squid' '--sysconfdir=/etc/squid' '--infodir=/usr/share/info' '--mandir=/usr/share/man' '--x-includes=/usr/include' '--x-libraries=/usr/lib' '--with-default-user=proxy' '--with-logdir=/var/log/squid' '--with-pidfile=/var/run/squid.pid' '--enable-storeio=ufs,aufs,diskd' '--enable-linux-netfilter' '--enable-removal-policies=lru,heap' '--enable-gnuregex' '--enable-follow-x-forwarded-for' '--enable-x-accelerator-vary' '--enable-zph-qos' '--enable-delay-pools' '--enable-snmp' '--enable-underscores' '--with-openssl' '--enable-ssl-crtd' '--enable-http-violations' '--enable-async-io=24' '--enable-storeid-rewrite-helpers' '--with-large-files' '--with-libcap' '--with-netfilter-conntrack' '--with-included-ltdl' '--with-maxfd=65536' '--with-filedescriptors=65536' '--with-pthreads' '--without-gnutls' '--without-mit-krb5' '--without-heimdal-krb5' '--without-gnugss' '--disable-icap-client' '--disable-wccp' '--disable-wccpv2' '--disable-dependency-tracking' '--disable-auth' '--disable-epoll' '--disable-ident-lookups' '--disable-icmp' 'build_alias=x86_64-linux-gnu' --enable-ltdl-convenience As a result, the client receives ERR_CANNOT_FORWARD. Could someone point me to the right direction? Thank you. _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
