On 29/10/2018 15:20, Uchenna Nebedum wrote: > Good Day All, > I have setup squid 3.5 with mikrotik, and ssl bumping is enabled. after > accepting the certificate on the browser prompt, Squid throws an error > on the browser, "*unable to forward this request at this time.*" it > throws this error for http sites as well. please what could be causing > this error. never_direct allow all How is your proxy meant to forward on requests? You have no cache peers, but have told it never to go direct (i.e. always use a cache peer). > *Please find attached my squid.conf* > /#cache_log /var/log/squid/cache.log > cache_effective_user proxy > acl localnet src 10.0.0.0/24 <http://10.0.0.0/24> > acl localnet src 172.16.0.0/12 <http://172.16.0.0/12> > acl localnet src 192.168.0.0/16 <http://192.168.0.0/16> > acl localnet src fc00::/7 > acl localnet src fe80::/10 > acl SSL_ports port 443 > acl Safe_ports port 80 # http > acl Safe_ports port 21 # ftp > acl Safe_ports port 443 # https > acl Safe_ports port 70 # gopher > acl Safe_ports port 210 # wais > acl Safe_ports port 1025-65535 # unregistered ports > acl Safe_ports port 280 # http-mgmt > acl Safe_ports port 488 # gss-http > acl Safe_ports port 591 # filemaker > acl Safe_ports port 777 # multiling http > acl CONNECT method CONNECT > http_access deny !Safe_ports > http_access deny CONNECT !SSL_ports > never_direct allow all > http_access allow localhost manager > http_access deny manager > http_access allow localnet > http_access allow localhost > http_access deny all > visible_hostname localhost > http_port 3126 intercept > http_port 3128 ssl-bump generate-host-certificates=on > dynamic_cert_mem_cache_size=4MB cert=/opt/websafety/etc/myca.pem > https_port 3127 intercept ssl-bump generate-host-certificates=on > dynamic_cert_mem_cache_size=4MB cert=/opt/websafety/etc/myca.pem > sslcrtd_program /usr/local/squid/libexec/ssl_crtd -s > /var/spool/squid_ssldb -M 4MB sslcrtd_children 8 startup=1 idle=1 > sslproxy_cert_error allow all > #sslproxy_cert_error allow ssl_error_domains > #sslproxy_cert_error allow ssl_error_ips > acl step1 at_step SslBump1 > acl step2 at_step SslBump2 > acl step3 at_step SslBump3 > ssl_bump peek step1 all > ssl_bump stare step2 all > ssl_bump bump step3 all > ssl_bump splice localhost > ssl_bump splice all > via off > forwarded_for on > request_header_access From deny all > request_header_access Cache-Control deny all > request_header_access Keep-Alive deny all > request_header_access Other deny all > reply_header_access Set-Cookie deny all > reply_header_access Set-Cookie2 deny all > reply_header_access Other deny all > adaptation_access greasyspoon allow all > dns_timeout 30 seconds > dns_v4_first on > #ecap_enable off > icap_enable on > icap_preview_enable off > icap_preview_size 2048 > icap_persistent_connections on > adaptation_send_client_ip on > adaptation_send_username on > icap_service greasyspoon respmod_precache icap://127.0.0.1:1344/response > <http://127.0.0.1:1344/response> bypass=0 > refresh_pattern ^ftp: 1440 20% 10080 > refresh_pattern ^gopher: 1440 0% 1440 > refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 > refresh_pattern . 0 20% 4320 > shutdown_lifetime 10 seconds/ > > > *and my access.log* > /1540823796.041 1 10.0.0.252 TAG_NONE/200 0 CONNECT > 52.114.76.34:443 <http://52.114.76.34:443> - HIER_NONE/- - > 1540823796.041 1 10.0.0.252 TAG_NONE/200 0 CONNECT 52.114.76.34:443 > <http://52.114.76.34:443> - HIER_NONE/- - > 1540823840.186 1 10.0.0.252 TAG_NONE/200 0 CONNECT 52.114.76.34:443 > <http://52.114.76.34:443> - HIER_NONE/- - > 1540823864.291 1 10.0.0.252 TAG_NONE/200 0 CONNECT > 191.239.240.49:443 <http://191.239.240.49:443> - HIER_NONE/- - > 1540823864.297 8 10.0.0.252 TAG_NONE/200 0 CONNECT > 191.239.240.49:443 <http://191.239.240.49:443> - HIER_NONE/- - > 1540823864.342 1 10.0.0.252 TAG_NONE/200 0 CONNECT > 191.239.240.49:443 <http://191.239.240.49:443> - HIER_NONE/- - > 1540823864.628 1 10.0.0.252 TAG_NONE/200 0 CONNECT > 152.199.19.161:443 <http://152.199.19.161:443> - HIER_NONE/- - > 1540823864.628 1 10.0.0.252 TAG_NONE/200 0 CONNECT > 152.199.19.161:443 <http://152.199.19.161:443> - HIER_NONE/- - > 1540823864.644 1 10.0.0.252 TAG_NONE/200 0 CONNECT > 152.199.19.161:443 <http://152.199.19.161:443> - HIER_NONE/- - > 1540824133.725 117 10.0.0.253 TCP_MISS/500 4215 GET > http://init-p01md.apple.com/bag - HIER_NONE/- text/html > 1540824133.725 114 10.0.0.253 TCP_MISS/500 4215 GET > http://init-p01md.apple.com/bag - HIER_NONE/- text/html > 1540824133.729 112 10.0.0.253 TCP_MISS/500 4310 GET > http://init.ess.apple.com/WebObjects/VCInit.woa/wa/getBag? - HIER_NONE/- > text/html > 1540824133.729 109 10.0.0.253 TCP_MISS/500 4310 GET > http://init.ess.apple.com/WebObjects/VCInit.woa/wa/getBag? - HIER_NONE/- > text/html > 1540824133.850 14 10.0.0.253 TAG_NONE/200 0 CONNECT > 95.101.216.92:443 <http://95.101.216.92:443> - HIER_NONE/- - > 1540824133.850 11 10.0.0.253 TAG_NONE/200 0 CONNECT > 95.101.216.92:443 <http://95.101.216.92:443> - HIER_NONE/- - > 1540824133.854 12 10.0.0.253 TAG_NONE/200 0 CONNECT > 95.101.216.92:443 <http://95.101.216.92:443> - HIER_NONE/- - > 1540824133.966 122 10.0.0.253 TCP_MISS/500 4205 GET > http://init-p01st.push.apple.com/bag - HIER_NONE/- text/html > 1540824133.987 164 10.0.0.253 TAG_NONE/200 0 CONNECT > 95.101.188.60:443 <http://95.101.188.60:443> - HIER_NONE/- - > 1540824133.987 164 10.0.0.253 TAG_NONE/200 0 CONNECT 17.137.166.4:443 > <http://17.137.166.4:443> - HIER_NONE/- - > 1540824134.251 4 10.0.0.253 TAG_NONE/200 0 CONNECT > 95.101.188.60:443 <http://95.101.188.60:443> - HIER_NONE/- - > 1540824134.336 4 10.0.0.253 TAG_NONE/200 0 CONNECT > 17.167.193.43:443 <http://17.167.193.43:443> - HIER_NONE/- - > 1540824136.162 17 10.0.0.253 TAG_NONE/200 0 CONNECT 192.12.31.78:443 > <http://192.12.31.78:443> - HIER_NONE/- - > 1540824136.299 4 10.0.0.253 TAG_NONE/200 0 CONNECT > 157.119.235.19:443 <http://157.119.235.19:443> - HIER_NONE/- - > 1540824150.357 4 10.0.0.253 TAG_NONE/200 0 CONNECT > 17.167.192.128:443 <http://17.167.192.128:443> - HIER_NONE/- - > 1540824159.403 4 10.0.0.253 TAG_NONE/200 0 CONNECT > 17.167.192.128:443 <http://17.167.192.128:443> - HIER_NONE/- - > 1540824769.945 601 10.0.0.253 TCP_MISS/500 4217 GET > http://captive.apple.com/hotspot-detect.html - HIER_NONE/- text/html > 1540824770.651 135 10.0.0.253 TAG_NONE/200 0 CONNECT > 216.58.223.194:443 <http://216.58.223.194:443> - HIER_NONE/- - > 1540824770.654 136 10.0.0.253 TAG_NONE/200 0 CONNECT > 104.83.75.199:443 <http://104.83.75.199:443> - HIER_NONE/- - > 1540824771.204 351 10.0.0.253 TAG_NONE/200 0 CONNECT > 17.151.240.36:443 <http://17.151.240.36:443> - HIER_NONE/- - > 1540824771.451 10 10.0.0.253 TAG_NONE/200 0 CONNECT > 17.120.225.140:443 <http://17.120.225.140:443> - HIER_NONE/- - > 1540824771.452 7 10.0.0.253 TAG_NONE/200 0 CONNECT > 17.120.225.140:443 <http://17.120.225.140:443> - HIER_NONE/- - > 1540824771.680 827 10.0.0.253 TAG_NONE/200 0 CONNECT > 216.58.223.202:443 <http://216.58.223.202:443> - HIER_NONE/- - > 1540824771.688 833 10.0.0.253 TAG_NONE/200 0 CONNECT > 216.58.223.194:443 <http://216.58.223.194:443> - HIER_NONE/- - > 1540824771.688 1 10.0.0.253 TAG_NONE/200 0 CONNECT > 216.58.223.202:443 <http://216.58.223.202:443> - HIER_NONE/- - > 1540824771.693 6 10.0.0.253 TAG_NONE/200 0 CONNECT > 104.83.64.191:443 <http://104.83.64.191:443> - HIER_NONE/- - > 1540824771.847 159 10.0.0.253 TAG_NONE/200 0 CONNECT > 17.151.240.36:443 <http://17.151.240.36:443> - HIER_NONE/- - > 1540824771.882 30 10.0.0.253 TAG_NONE/200 0 CONNECT > 216.58.223.202:443 <http://216.58.223.202:443> - HIER_NONE/- - > 1540824771.883 30 10.0.0.253 TAG_NONE/200 0 CONNECT > 216.58.223.194:443 <http://216.58.223.194:443> - HIER_NONE/- - > 1540824771.887 36 10.0.0.253 TAG_NONE/200 0 CONNECT > 17.248.146.179:443 <http://17.248.146.179:443> - HIER_NONE/- - > 1540824772.034 42 10.0.0.253 TAG_NONE/200 0 CONNECT > 216.58.223.206:443 <http://216.58.223.206:443> - HIER_NONE/- - > 1540824772.036 6 10.0.0.253 TAG_NONE/200 0 CONNECT > 216.58.223.194:443 <http://216.58.223.194:443> - HIER_NONE/- - > 1540824772.042 1 10.0.0.253 TAG_NONE/200 0 CONNECT > 17.151.240.36:443 <http://17.151.240.36:443> - HIER_NONE/- - > 1540824772.078 5 10.0.0.253 TAG_NONE/200 0 CONNECT > 216.58.223.194:443 <http://216.58.223.194:443> - HIER_NONE/- - > 1540824772.146 15 10.0.0.253 TAG_NONE/200 0 CONNECT > 17.151.240.36:443 <http://17.151.240.36:443> - HIER_NONE/- - > 1540824772.150 4 10.0.0.253 TAG_NONE/200 0 CONNECT > 104.83.75.199:443 <http://104.83.75.199:443> - HIER_NONE/- - > 1540824772.172 5 10.0.0.253 TAG_NONE/200 0 CONNECT > 104.83.75.199:443 <http://104.83.75.199:443> - HIER_NONE/- - > 1540824772.243 90 10.0.0.253 TAG_NONE/200 0 CONNECT > 216.58.223.194:443 <http://216.58.223.194:443> - HIER_NONE/- - > 1540824772.278 5 10.0.0.253 TAG_NONE/200 0 CONNECT > 17.248.146.179:443 <http://17.248.146.179:443> - HIER_NONE/- - > 1540824772.296 4 10.0.0.253 TAG_NONE/200 0 CONNECT > 216.58.223.194:443 <http://216.58.223.194:443> - HIER_NONE/- - > 1540824772.341 8 10.0.0.253 TAG_NONE/200 0 CONNECT > 216.58.223.194:443 <http://216.58.223.194:443> - HIER_NONE/- - > 1540824772.719 10 10.0.0.253 TAG_NONE/200 0 CONNECT > 216.58.223.202:443 <http://216.58.223.202:443> - HIER_NONE/- - > 1540824772.722 5 10.0.0.253 TAG_NONE/200 0 CONNECT > 17.151.240.36:443 <http://17.151.240.36:443> - HIER_NONE/- - > 1540824772.787 9 10.0.0.253 TAG_NONE/200 0 CONNECT > 17.248.146.179:443 <http://17.248.146.179:443> - HIER_NONE/- - > 1540824772.868 4 10.0.0.253 TAG_NONE/200 0 CONNECT > 216.58.223.202:443 <http://216.58.223.202:443> - HIER_NONE/- - > 1540824773.239 5 10.0.0.253 TAG_NONE/200 0 CONNECT > 216.58.223.202:443 <http://216.58.223.202:443> - HIER_NONE/- - > 1540824773.810 8 10.0.0.253 TAG_NONE/200 0 CONNECT > 17.151.240.36:443 <http://17.151.240.36:443> - HIER_NONE/- - > 1540824773.868 4 10.0.0.253 TAG_NONE/200 0 CONNECT > 17.248.146.179:443 <http://17.248.146.179:443> - HIER_NONE/- - > 1540824774.898 4 10.0.0.253 TAG_NONE/200 0 CONNECT > 17.151.240.36:443 <http://17.151.240.36:443> - HIER_NONE/- - > 1540824774.964 7 10.0.0.253 TAG_NONE/200 0 CONNECT > 17.248.146.179:443 <http://17.248.146.179:443> - HIER_NONE/- - > 1540824776.218 4 10.0.0.253 TAG_NONE/200 0 CONNECT > 104.83.75.199:443 <http://104.83.75.199:443> - HIER_NONE/- - > 1540824956.204 56 10.0.0.253 TAG_NONE/200 0 CONNECT > 104.83.75.199:443 <http://104.83.75.199:443> - HIER_NONE/- - > 1540824956.374 110 10.0.0.253 TCP_MISS/500 4205 GET > http://init-p01st.push.apple.com/bag - HIER_NONE/- text/html > 1540824956.966 5 10.0.0.253 TAG_NONE/200 0 CONNECT > 17.151.240.36:443 <http://17.151.240.36:443> - HIER_NONE/- - > 1540824957.034 7 10.0.0.253 TAG_NONE/200 0 CONNECT > 17.151.240.36:443 <http://17.151.240.36:443> - HIER_NONE/- - > 1540824957.043 3 10.0.0.253 TAG_NONE/200 0 CONNECT > 104.83.75.199:443 <http://104.83.75.199:443> - HIER_NONE/- - > 1540824957.124 23 10.0.0.253 TAG_NONE/200 0 CONNECT > 104.83.75.199:443 <http://104.83.75.199:443> - HIER_NONE/- - > 1540824957.190 13 10.0.0.253 TAG_NONE/200 0 CONNECT > 17.151.240.36:443 <http://17.151.240.36:443> - HIER_NONE/- - > 1540824957.273 4 10.0.0.253 TAG_NONE/200 0 CONNECT > 104.83.75.199:443 <http://104.83.75.199:443> - HIER_NONE/- - > 1540824957.355 4 10.0.0.253 TAG_NONE/200 0 CONNECT > 17.151.240.36:443 <http://17.151.240.36:443> - HIER_NONE/- - > 1540824957.495 4 10.0.0.253 TAG_NONE/200 0 CONNECT > 104.83.75.199:443 <http://104.83.75.199:443> - HIER_NONE/- - > 1540824957.573 4 10.0.0.253 TAG_NONE/200 0 CONNECT > 17.151.240.36:443 <http://17.151.240.36:443> - HIER_NONE/- - > 1540824957.642 5 10.0.0.253 TAG_NONE/200 0 CONNECT > 104.83.75.199:443 <http://104.83.75.199:443> - HIER_NONE/- - > 1540824957.723 4 10.0.0.253 TAG_NONE/200 0 CONNECT > 17.151.240.36:443 <http://17.151.240.36:443> - HIER_NONE/- - > 1540824957.783 4 10.0.0.253 TAG_NONE/200 0 CONNECT > 104.83.75.199:443 <http://104.83.75.199:443> - HIER_NONE/- - > 1540824967.333 5 10.0.0.253 TAG_NONE/200 0 CONNECT > 104.83.75.199:443 <http://104.83.75.199:443> - HIER_NONE/- - > 1540824967.398 5 10.0.0.253 TAG_NONE/200 0 CONNECT > 17.151.240.36:443 <http://17.151.240.36:443> - HIER_NONE/- - > 1540824967.454 4 10.0.0.253 TAG_NONE/200 0 CONNECT > 104.83.75.199:443 <http://104.83.75.199:443> - HIER_NONE/- - > 1540824970.474 4 10.0.0.253 TAG_NONE/200 0 CONNECT > 17.151.240.36:443 <http://17.151.240.36:443> - HIER_NONE/- - > 1540824971.300 5 10.0.0.253 TAG_NONE/200 0 CONNECT 17.56.48.13:443 > <http://17.56.48.13:443> - HIER_NONE/- - > 1540824971.625 9 10.0.0.253 TAG_NONE/200 0 CONNECT > 92.122.44.112:443 <http://92.122.44.112:443> - HIER_NONE/- - > 1540825078.056 4 10.0.0.253 TAG_NONE/200 0 CONNECT > 17.151.240.36:443 <http://17.151.240.36:443> - HIER_NONE/- - > 1540825078.058 14 10.0.0.253 TAG_NONE/200 0 CONNECT > 104.83.75.199:443 <http://104.83.75.199:443> - HIER_NONE/- - > 1540825078.224 8 10.0.0.253 TAG_NONE/200 0 CONNECT > 104.83.75.199:443 <http://104.83.75.199:443> - HIER_NONE/- - > 1540825584.867 258 10.0.0.253 TCP_MISS/500 4217 GET > http://captive.apple.com/hotspot-detect.html - HIER_NONE/- text/html > /* > * > > please i'll provide any other information required. please i really need > help. I noticed my last two questions weren't answered, i really need > help. I've noticed google and facebook are reachable. > > -- > Nebedum Uchenna > > > _______________________________________________ > squid-users mailing list > squid-users@xxxxxxxxxxxxxxxxxxxxx > http://lists.squid-cache.org/listinfo/squid-users > _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
