Good afternoon, I have a small router onto which I have installed Squid. I am trying to filter HTTPS urls for bad words on a blocked list. It will require the client on the safe side of the router to install the certificate, this isn't an issue as it's an open process and not an illigal MITM attack. Below is my squid.conf As you will see I have been playing around with where to put the code and what code to put in. I only have a small amount of flash drive so I have put the auto-gen cert directory in /tmp/. I am aware this is volatile memory but until I have a better solution I will be doing this. I have put a firewall rule in to forward 443 to 3128. https://wiki.squid-cache.org/Features/SslBump https://wiki.squid-cache.org/SquidFaq/SquidAcl I also don't want to cache due to flash drive issues. Is this possible? Its the same cert in /root/ and /certs/ before anyone points it out. Nothing has been appearing in the log files either but this is no surprise. Been up till 1am last few nights on this so you assistance is very appreciated. Thank you very much, Joe acl localnet src 10.0.0.0/8 acl localnet src 172.16.0.0/12 acl localnet src 192.168.1.0/16 acl localnet src fc00::/7 acl localnet src fe80::/10 acl ssl_ports port 443 acl safe_ports port 80 acl safe_ports port 21 acl safe_ports port 443 acl safe_ports port 70 acl safe_ports port 210 acl safe_ports port 1025-65535 acl safe_ports port 280 acl safe_ports port 488 acl safe_ports port 591 acl safe_ports port 777 acl connect method connect #acl safe_ports port 3128 http_port 3128 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=1MB cert=/root/myCA.pem http_access deny !safe_ports http_access deny connect !ssl_ports http_access allow localhost manager http_access deny manager http_access deny to_localhost http_access allow localnet http_access allow localhost #http_port 3128 intercept acl BadWords url_regex "/etc/badwords" http_access deny Badwords cache deny all #ssl_bump bump all #http_port 3128 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=1MB cert=/root/myCA.pem http_access deny all refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 refresh_pattern . 0 20% 4320 access_log /squid.log cache_log /squid1.log cache_store_log stdio:/squid2.log logfile_rotate 0 logfile_daemon /dev/null #http_port 3128 intercept #cache deny all #ssl_bump bump all #http_port 3128 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=1MB cert=/root/myCA.pem _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
