On 7/25/19 6:00 AM, gswijker wrote: > Squid Proxy Server v3.5 ... > ssl_bump peek all > ssl_bump splice all Please upgrade to Squid v4 (at least) or stop using SslBump features, depending on whether you actually need SslBump features. And if you do need SslBump features, then you must configure http_port(s) accordingly. > tail -f /var/log/squid/access.log: > 1564047457.829 65109 10.1.10.224 TAG_NONE/503 0 CONNECT > clients.interact.mtel.eu:443 - HIER_NONE/- - The primary question is why is your Squid responding with a 503 error to the CONNECT request? Perhaps Squid cannot resolve clients.interact.mtel.eu domain name? You can see Squid error response (that may have more details) in a packet capture (or, probably, in cache.log after setting debug_options to ALL,2). > http_access allow all > http_access allow localnet > http_access allow localhost > http_access deny all ... > http_access allow localhost manager > http_access deny manager This combination does not make sense. The very first rule is the only one that will work, potentially turning your Squid into an open proxy. However, this is not the reason for those 503 errors. > http_port 3128 > http_port 3130 ... > http_port 3128 One http_port directive per port/address, please. Perhaps you are not looking at cache.log errors/warnings? They are often useful. > I'm a linux novice, so do it step by step, please. Sorry, the above is all I had time for. If you need more detailed instructions, then hopefully somebody on the list can give them to you. HTH, Alex. _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
