I use Squid 3.5.27 as a transparent proxy. Through the proxy, I access some HTTPS websites like www.hupu.com, but the web page does not display correctly. There are some similar websites, such as https://www. The web page shows a message like:

"s1.hdslb.com used an invalid security certificate. This certificate is valid for the following domain names only: *.zhaopin.com, *.zhaopin.cn, *.dpfile.com, *.cdn.myqcloud.com, *.sogoucdn. SSL error code: SSL_ERROR_BAD_CERT_DOMAIN"

How can I send a screenshot to explain?

Here is my configuration:

# Recommended minimum configuration:
#
# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
acl localnet src 10.0.0.0/8     # RFC1918 possible internal network
acl localnet src 172.16.0.0/12  # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7       # RFC 4193 local private network range
acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines

acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT

#
# Recommended minimum Access Permission configuration:
#
# Deny requests to certain unsafe ports
http_access deny !Safe_ports

# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports

# Only allow cachemgr access from localhost
http_access allow localhost manager
http_access deny manager
http_access allow all

# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
#http_access deny to_localhost

#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#

# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
http_access allow localnet
http_access allow localhost

acl NCACHE method GET
no_cache deny NCACHE

# And finally deny all other access to this proxy
request_header_access Via deny all #hide squid header
request_header_access X-Forwarded-For deny all #hide squid header
#request_timeout 2 minutes #client request timeout

# Squid normally listens to port 3128
http_port 3120
http_port 3128 intercept
https_port 192.168.51.115:3129 intercept ssl-bump connection-auth=off generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/usr/local/squid/ssl_cert/myCA.pem key=/usr/local/squid/ssl_cert/myCA.pem

always_direct allow all
ssl_bump server-first all
acl ssl_step1 at_step SslBump1
acl ssl_step2 at_step SslBump2
acl ssl_step3 at_step SslBump3
ssl_bump peek ssl_step1
ssl_bump splice all

sslproxy_version 0
sslproxy_cert_error allow all
sslproxy_flags DONT_VERIFY_PEER

sslcrtd_program /usr/local/squid/libexec/ssl_crtd -s /usr/local/squid/lib/ssl_db -M 4MB
sslcrtd_children 8 startup=1 idle=1

#Uncomment and adjust the following to add a disk cache directory.
cache_dir ufs /usr/local/squid/var/cache/squid 4096 16 256
minimum_object_size 0 KB
maximum_object_size 4096 KB
ipcache_size 1024 MB
ipcache_low 70
ipcache_high 95
fqdncache_size 1024 MB
cache_mem 1024 MB
cache_swap_low 90
cache_swap_high 95

# Leave coredumps in the first cache dir
coredump_dir /usr/local/squid/var/cache/squid
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users