Jan 30 07:05:52 ban-squid-proxy22 squid[23323]: Squid Parent: (squid-1) process 23441 started
Jan 30 07:05:52 ban-squid-proxy22 (squid-1): The ssl_crtd helpers are crashing too rapidly, need help!
Jan 30 07:05:52 ban-squid-proxy22 squid[23323]: Squid Parent: (squid-1) process 23441 exited with status 1
Jan 30 07:05:52 ban-squid-proxy22 squid[23397]: Squid Parent: (squid-1) process 23449 started
Jan 30 07:05:52 ban-squid-proxy22 (squid-1): The ssl_crtd helpers are crashing too rapidly, need help!
Jan 30 07:05:52 ban-squid-proxy22 squid[23397]: Squid Parent: (squid-1) process 23449 exited with status 1
visible_hostname squid
cache deny all
#Handling HTTP requests
http_port 3128 intercept
acl allowed_http_sites dstdomain .amazonaws.com .bbc.com
acl blacklist url_regex -i /.(.*?)
#acl allowed_http_sites dstdomain [you can add other domains to permit]
http_access allow allowed_http_sites
http_access deny blacklist
#Handling HTTPS requests
#https_port 3130 cert=/etc/pki/tls/certs/squidCA.pem ssl-bump intercept
#/root/openssl/squid.crt squid.csr /root/openssl/squid.key
https_port 3130 cert=/root/openssl/squid.crt key=/root/openssl/squid.key ssl-bump intercept generate-host-certificates=on version=1 options=NO_SSLv2,NO_SSLv3,SINGLE_DH_USE
sslcrtd_program /usr/lib/squid/ssl_crtd -s /var/lib/squid/ssl_db -M 4MB
acl SSL_port port 443
http_access allow SSL_port
acl allowed_https_sites ssl::server_name .amazonaws.com .cnn.com .yahoo.com .bbc.com
acl step1 at_step SslBump1
acl step2 at_step SslBump2
acl step3 at_step SslBump3
ssl_bump peek step1 all
#ssl_bump peek all
ssl_bump splice step2 allowed_https_sites
ssl_bump splice step3 allowed_https_sites
ssl_bump bump step2 all
http_access deny all
coredump_dir /var/cache/squid
sudo openssl genrsa -out squid.key 2048
sudo openssl req -new -key squid.key -out squid.csr -subj "/C=XX/ST=XX/L=squid/O=squid/CN=squid"
sudo openssl x509 -req -days 3650 -in squid.csr -signkey squid.key -out squid.crt
squid -v
Squid Cache: Version 3.5.28
Service Name: squid
This binary uses OpenSSL 1.0.1e-fips 11 Feb 2013. For legal restrictions on distribution see https://www.openssl.org/source/license.html
configure options: '--prefix=/usr' '--includedir=/usr/include' '--datadir=/usr/share' '--bindir=/usr/sbin' '--libexecdir=/usr/lib/squid' '--localstatedir=/var' '--sysconfdir=/etc/squid' '--with-logdir=/var/log/squid' '--with-openssl' '--enable-ssl-crtd' --enable-ltdl-convenience
[c5278791@ban-squid-proxy22 ~]$ cat /etc/redhat-release
CentOS release 6.10 (Final)
[c5278791@ban-squid-proxy22 ~]$
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users