Hello Amos,
The problem is the connections are not getting through. It just acts like there is no WiFi connection.
Adding the cert db every start up isn’t an issue.
I was thinking of having a small cert cache locally instead thinking about it since.
The connections just aren’t being made. No ssl warning.
Thank you
Joe
On Thu, 16 Nov 2017 at 08:15, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote:
On 16/11/17 02:32, Joe Foster wrote:
> Good afternoon,
>
> I have a small router onto which I have installed Squid.
>
> I am trying to filter HTTPS urls for bad words on a blocked list.
>
> It will require the client on the safe side of the router to install the
> certificate, this isn't an issue as it's an open process and not an
> illigal MITM attack.
>
> Below is my squid.conf
>
> As you will see I have been playing around with where to put the code
> and what code to put in.
>
> I only have a small amount of flash drive so I have put the auto-gen
> cert directory in /tmp/. I am aware this is volatile memory but until I
> have a better solution I will be doing this.
Since /tmp is subject to random deletion of content you will need to
make sure you always shutdown Squid and re-run the ssl_crtd (etc.)
create command to re-generate the cert DB structures whenever the device
erases its /tmp content. Otherwise your proxy will crash and/or client
connections will start being terminated with strange looking errors.
IMO you would probably be better off setting the cert DB to a very small
size suitable for your limited space - or disabling it entirely [more on
that below].
>
> I have put a firewall rule in to forward 443 to 3128.
>
> https://wiki.squid-cache.org/Features/SslBump
> https://wiki.squid-cache.org/SquidFaq/SquidAcl
>
> I also don't want to cache due to flash drive issues. Is this possible?
>
From the documentation of the SSL-Bump settings:
<http://www.squid-cache.org/Doc/config/http_port/>
"
dynamic_cert_mem_cache_size=SIZE
Approximate total RAM size spent on cached generated
certificates. If set to zero, caching is disabled. The
default value is 4MB.
"
> Its the same cert in /root/ and /certs/ before anyone points it out.
>
> Nothing has been appearing in the log files either but this is no
> surprise.
>
> Been up till 1am last few nights on this so you assistance is very
> appreciated.
That sounds like you are having a problem. But I don't see any mention
of what that is exactly.
Amos
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users