Hi Amos... ok now I upgrade recompile again everything from 3.4.8 to 3.5.4
this is the conf root@debian-template:/usr/local/squid/sbin# ./squid -k parse 2015/05/22 03:08:17| Startup: Initializing Authentication Schemes ... 2015/05/22 03:08:17| Startup: Initialized Authentication Scheme 'basic' 2015/05/22 03:08:17| Startup: Initialized Authentication Scheme 'digest' 2015/05/22 03:08:17| Startup: Initialized Authentication Scheme 'negotiate' 2015/05/22 03:08:17| Startup: Initialized Authentication Scheme 'ntlm' 2015/05/22 03:08:17| Startup: Initialized Authentication. 2015/05/22 03:08:17| Processing Configuration File: /etc/squid3/squid.conf (depth 0) 2015/05/22 03:08:17| Processing: http_port 172.16.1.10:3128 2015/05/22 03:08:17| Processing: https_port 172.16.1.10:3129 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid3/ssl/myCA.pem cipher=ECDHE-RSA-RC4 -SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:DHE-RSA-CAMELLIA128-SHA:AES128-SHA:RC4-SHA:HIGH:!aNULL:!MD5:!ADH 2015/05/22 03:08:17| Starting Authentication on port 172.16.1.10:3129 2015/05/22 03:08:17| Disabling Authentication on port 172.16.1.10:3129 (interception enabled) 2015/05/22 03:08:17| Processing: acl QUERY urlpath_regex cgi-bin \? 2015/05/22 03:08:17| Processing: no_cache deny QUERY 2015/05/22 03:08:17| Processing: access_log /var/log/squid3/access.log squid 2015/05/22 03:08:17| Processing: coredump_dir /var/spool/squid3 2015/05/22 03:08:17| Processing: refresh_pattern ^ftp: 1440 20% 10080 2015/05/22 03:08:17| Processing: refresh_pattern ^gopher: 1440 0% 1440 2015/05/22 03:08:17| Processing: refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 2015/05/22 03:08:17| Processing: refresh_pattern . 0 20% 4320 2015/05/22 03:08:17| Processing: cache_dir aufs /var/spool/squid3 4096 16 256 2015/05/22 03:08:17| Processing: refresh_pattern -i \.(gif|png|jpg|jpeg|ico)$ 3600 90% 43200 2015/05/22 03:08:17| Processing: acl SSL_ports port 25 # Protocols 2015/05/22 03:08:17| Processing: acl SSL_ports port 110 # to can 2015/05/22 03:08:17| Processing: acl SSL_ports port 143 # allow hit 2015/05/22 03:08:17| Processing: acl SSL_ports port 465 # gmail account 2015/05/22 03:08:17| Processing: acl SSL_ports port 587 # on the 2015/05/22 03:08:17| Processing: acl SSL_ports port 993 # internet 2015/05/22 03:08:17| Processing: acl SSL_ports port 995 # behind a firewall 2015/05/22 03:08:17| Processing: acl SSL_ports port 443 2015/05/22 03:08:17| Processing: acl SSL_ports port 563 2015/05/22 03:08:17| Processing: acl Safe_ports port 80 # http 2015/05/22 03:08:17| Processing: acl Safe_ports port 21 # ftp 2015/05/22 03:08:17| Processing: acl Safe_ports port 443 # https 2015/05/22 03:08:17| Processing: acl Safe_ports port 70 # gopher 2015/05/22 03:08:17| Processing: acl Safe_ports port 210 # wais 2015/05/22 03:08:17| Processing: acl Safe_ports port 1025-65535 # unregistered ports 2015/05/22 03:08:17| Processing: acl Safe_ports port 280 # http-mgmt 2015/05/22 03:08:17| Processing: acl Safe_ports port 488 # gss-http 2015/05/22 03:08:17| Processing: acl Safe_ports port 591 # filemaker 2015/05/22 03:08:17| Processing: acl Safe_ports port 777 # multiling http 2015/05/22 03:08:17| Processing: acl CONNECT method CONNECT 2015/05/22 03:08:17| Processing: acl purge method PURGE 2015/05/22 03:08:17| Processing: acl network src 172.16.1.0/24 2015/05/22 03:08:17| Processing: cache_mem 64 MB 2015/05/22 03:08:17| Processing: http_access allow manager localhost 2015/05/22 03:08:17| Processing: http_access deny manager 2015/05/22 03:08:17| Processing: http_access deny !Safe_ports 2015/05/22 03:08:17| Processing: http_access deny CONNECT !SSL_ports 2015/05/22 03:08:17| Processing: http_access allow localhost 2015/05/22 03:08:17| Processing: http_access allow network CONNECT 2015/05/22 03:08:17| Processing: http_access deny all 2015/05/22 03:08:17| Processing: ssl_bump server-first all 2015/05/22 03:08:17| Processing: sslcrtd_program /usr/local/squid/libexec/ssl_crtd -s /var/spool/squid3_ssldb -M 4MB sslcrtd_children 8 startup=1 idle=1 2015/05/22 03:08:17| Processing: sslproxy_version 3 2015/05/22 03:08:17| Processing: sslproxy_options ALL 2015/05/22 03:08:17| Processing: always_direct allow all 2015/05/22 03:08:17| Processing: never_direct allow all 2015/05/22 03:08:17| Processing: max_filedesc 16384 2015/05/22 03:08:17| Processing: dns_nameservers 8.8.8.8 2015/05/22 03:08:17| Processing: dns_nameservers 8.8.4.4 2015/05/22 03:08:17| Processing: positive_dns_ttl 8 hours 2015/05/22 03:08:17| Processing: negative_dns_ttl 30 seconds 2015/05/22 03:08:17| Initializing https proxy context 2015/05/22 03:08:17| Initializing https_port 172.16.1.10:3129 SSL context 2015/05/22 03:08:17| Using certificate in /etc/squid3/ssl/myCA.pem and now the error is different. can't see any site... http or https and the logs said... 1432278470.317 0 172.16.1.20 TAG_NONE/400 388 HEAD /v11/2/windowsupdate/redir/v6-win7sp1-wuredir.cab?1505220707 - HIER_NONE/- text/html 1432278470.320 0 172.16.1.20 TAG_NONE/400 2223 GET /v11/2/windowsupdate/redir/v6-win7sp1-wuredir.cab?1505220707 - HIER_NONE/- text/html 1432278470.323 0 172.16.1.20 TAG_NONE/400 388 HEAD /v11/2/windowsupdate/redir/v6-win7sp1-wuredir.cab?1505220707 - HIER_NONE/- text/html 1432278470.327 0 172.16.1.20 TAG_NONE/400 2223 GET /v11/2/windowsupdate/redir/v6-win7sp1-wuredir.cab?1505220707 - HIER_NONE/- text/html 1432278472.729 0 172.16.1.20 TAG_NONE/400 2193 GET /pki/crl/products/MicRooCerAut_2010-06-23.crl - HIER_NONE/- text/html 1432278477.871 0 172.16.1.20 TAG_NONE/400 2159 GET /pki/crl/products/WinPCA.crl - HIER_NONE/- text/html 1432278482.222 0 172.16.1.20 TAG_NONE/400 2333 POST /service/update2?cup2key=5:1028882439&cup2hreq=1beabeae3a9008aa500f171f3efd92cac82574e42989d76d9104766a07e2e021 - HIER_NONE/- text/html 1432278482.244 0 172.16.1.20 TAG_NONE/400 2333 POST /service/update2?cup2key=5:3993259034&cup2hreq=1beabeae3a9008aa500f171f3efd92cac82574e42989d76d9104766a07e2e021 - HIER_NONE/- text/html 1432278483.049 0 172.16.1.20 TAG_NONE/400 2201 GET /pki/crl/products/MicRooCerAut2011_2011_03_22.crl - HIER_NONE/- text/html remember we need to check http normal use with acl syntaxs (that part is ok, just need the config ok to can see the same using this ssl-bump for example domains as facebook or similar) thanxs -- Antonio Peña Secure email with PGP 0x8B021001 available at https://pgp.mit.edu <https://pgp.mit.edu/pks/lookup?search=0x8B021001&op=index&fingerprint=on&exact=on> Fingerprint: 74E6 2974 B090 366D CE71 7BB2 6476 FA09 8B02 1001
_______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
