Squid 3.5.25 +
Squidclamav(c-icap) + SquidGuard
Here are the logs with SSL_ERROR_RX_RECORD_TOO_LONG in Firefox by debug_options ALL,1 11,2 and 61,5
https://mega.nz/#!dIdAkYra!aVEg07Sc9OxRwYiRAPk49dwegr2r-sdX2u73btEdDVk
Here the squid.conf & squidguard.conf
https://pastebin.com/v2LA8CcR
Here are the logs with SSL_ERROR_RX_RECORD_TOO_LONG in Firefox by debug_options ALL,1 11,2 and 61,5
https://mega.nz/#!dIdAkYra!aVEg07Sc9OxRwYiRAPk49dwegr2r-sdX2u73btEdDVk
Here the squid.conf & squidguard.conf
https://pastebin.com/v2LA8CcR
05/31/17 09:10:39, Andi <andreas.lauterbach76@xxxxxx>:
Thank you again,
It was all working together with "ssl_bump server-first all" optin for squidclamav(c-icap) and squidGuard 1.5 for Squid v 3.48 packages at debian jessie
Now after installing new Squid 3.5.25 with splice/peek support, its all working except of ssl websites.
I 'll reproduce the SSL_ERROR_RX_RECORD_TOO_LONG in Firefox by debug_options ALL,1 11,2 and 61,5 enabled and post here full access and cache logs.
05/31/17 02:31:42, Amos Jeffries <squid3@xxxxxxxxxxxxx>:
On 30/05/17 21:55, Andi wrote:_______________________________________________
> Thank you for all your suggestions Mister.
>
> I improved my conf by them and disabled squidguard for testing and its
> working now fine without squidguard.
> So I need to investigate why squidguard won't run with https sites on
> v 3.5.25
>
> squidGuard -v
> SquidGuard: 1.5 Berkeley DB 5.3.28: (September 9, 2013)
>
> How can I find out what happens between Squid, SquidGuard at debian
> and Firefox at client side ?
The Squid<->Firefox is all HTTP so for that debug_options 11,2.
That will also show you any of the HTTP to servers if it is involved.
For the redirector debug_options 61,5
>
> I tried echo tests locally with squidguard but it only shows ERR
> results with https sites.
> Http sites are working well as expected with squidguard
I'm not entirely surprised by that. SG has not been maintained since
before Squid was handling https:// on a regular basis. So it may simply
be not able to process that type of URL.
Squid can now do a lot of what SG was useful for. But if you really
still need SG for something perhapse you should try using the ufdbguard
helper instead. It is essentially a drop-in replacement but has extra
features for a lot more modern traffic handling and has active support.
Amos
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users