Search squid archive

Re: VoIP Software trouble

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 7/25/19 6:00 AM, gswijker wrote:

> Squid Proxy Server v3.5
...
> ssl_bump peek all
> ssl_bump splice all

Please upgrade to Squid v4 (at least) or stop using SslBump features,
depending on whether you actually need SslBump features. And if you do
need SslBump features, then you must configure http_port(s) accordingly.


> tail -f /var/log/squid/access.log:
> 1564047457.829  65109 10.1.10.224 TAG_NONE/503 0 CONNECT
> clients.interact.mtel.eu:443 - HIER_NONE/- -

The primary question is why is your Squid responding with a 503 error to
the CONNECT request? Perhaps Squid cannot resolve
clients.interact.mtel.eu domain name? You can see Squid error response
(that may have more details) in a packet capture (or, probably, in
cache.log after setting debug_options to ALL,2).


> http_access allow all
> http_access allow localnet
> http_access allow localhost
> http_access deny all
...
> http_access allow localhost manager
> http_access deny manager


This combination does not make sense. The very first rule is the only
one that will work, potentially turning your Squid into an open proxy.
However, this is not the reason for those 503 errors.


> http_port 3128
> http_port 3130
...
> http_port 3128

One http_port directive per port/address, please. Perhaps you are not
looking at cache.log errors/warnings? They are often useful.


> I'm a linux novice, so do it step by step, please.

Sorry, the above is all I had time for. If you need more detailed
instructions, then hopefully somebody on the list can give them to you.


HTH,

Alex.
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users




[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux