On 16/11/17 02:32, Joe Foster wrote:
> Good afternoon,
>
> I have a small router onto which I have installed Squid. I am trying to filter HTTPS urls for bad words on a blocked list. It will require the client on the safe side of the router to install the certificate, this isn't an issue as it's an open process and not an illegal MITM attack. Below is my squid.conf. As you will see I have been playing around with where to put the code and what code to put in. I only have a small amount of flash drive so I have put the auto-gen cert directory in /tmp/. I am aware this is volatile memory but until I have a better solution I will be doing this.
Since /tmp is subject to random deletion of content you will need to make sure you always shut down Squid and re-run the ssl_crtd (etc.) create command to re-generate the cert DB structures whenever the device erases its /tmp content. Otherwise your proxy will crash and/or client connections will start being terminated with strange looking errors.
IMO you would probably be better off setting the cert DB to a very small size suitable for your limited space - or disabling it entirely [more on that below].
> I have put a firewall rule in to forward 443 to 3128.
> https://wiki.squid-cache.org/Features/SslBump
> https://wiki.squid-cache.org/SquidFaq/SquidAcl
> I also don't want to cache due to flash drive issues. Is this possible?
From the documentation of the SSL-Bump settings: <http://www.squid-cache.org/Doc/config/http_port/>

"
  dynamic_cert_mem_cache_size=SIZE
      Approximate total RAM size spent on cached generated certificates.
      If set to zero, caching is disabled. The default value is 4MB.
"
> It's the same cert in /root/ and /certs/ before anyone points it out. Nothing has been appearing in the log files either but this is no surprise. Been up till 1am last few nights on this so your assistance is very appreciated.
That sounds like you are having a problem. But I don't see any mention of what that is exactly.
Amos
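The regeneration step described in the reply above, as an added example that is not part of the original thread: a pre-start check that rebuilds the SSL-Bump certificate DB when /tmp has been wiped. The helper path, DB path, the three-entry layout check and the `SQUID_USER` variable are assumptions; the helper's name and location differ between Squid versions and builds.

```shell
#!/bin/sh
# Added example: rebuild Squid's SSL-Bump cert DB if /tmp was erased.
# Assumptions (not from the thread): helper path, DB path, layout check, account.
SSL_CRTD="${SSL_CRTD:-/usr/lib/squid/ssl_crtd}"   # assumed helper install path
SSL_DB="${SSL_DB:-/tmp/ssl_db}"                   # assumed DB directory in /tmp
SQUID_USER="${SQUID_USER:-}"                      # account Squid runs as, if any

# Returns 0 when the DB looks initialised: certs dir, index file, size file.
ssl_db_intact() {
    [ -d "$SSL_DB/certs" ] && [ -f "$SSL_DB/index.txt" ] && [ -f "$SSL_DB/size" ]
}

# Recreate the DB when it is missing or partial. Call only while Squid is
# stopped. Prints "intact" or "rebuilt"; returns non-zero if creation fails.
ensure_ssl_db() {
    if ssl_db_intact; then
        echo intact
        return 0
    fi
    # The create command will not run over an existing directory, so clear
    # whatever a partial wipe left behind first.
    rm -rf "$SSL_DB"
    "$SSL_CRTD" -c -s "$SSL_DB" >/dev/null || return 1
    ssl_db_intact || return 1
    # The DB must be writable by the account the helper runs under.
    if [ -n "$SQUID_USER" ]; then
        chown -R "$SQUID_USER" "$SSL_DB" || return 1
    fi
    echo rebuilt
}
```

Call `ensure_ssl_db` from the init script before Squid is started, and refuse to start the proxy if it returns non-zero.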