I'm not sure if this can solve the problem, but, in my squid.conf I deny youtube to cache using "cache_deny"
2016-03-02 3:04 GMT-03:00 Yuri Voinov <yvoi...@gmail.com>: > > > 02.03.16 2:34, Baselsayeh пишет: > >> Yuri Voinov wrote >> >>> -----BEGIN PGP SIGNED MESSAGE----- >>> Hash: SHA256 >>> Did you read >>> >>> http://wiki.squid-cache.org/ConfigExamples/Intercept/SslBumpExplicit >>> >>> this first? >>> >>> Look once more to examples. >>> >>> 02.03.16 2:15, Baselsayeh пишет: >>> >>>> Yuri Voinov wrote >>>> Seems to some else misconfiguration in peek-n-splice section. >>>> >>>> Where is your at_step peek definition? >>>> >>>> 02.03.16 2:08, Baselsayeh пишет: >>>> >>>>> Yuri Voinov wrote >>>>>>> >>>>>>>> -----BEGIN PGP SIGNED MESSAGE----- >>>>>>>> Hash: SHA256 >>>>>>>> >>>>>>>> Aha. >>>>>>>> >>>>>>>> You must know, that stare is client initiated handshake. This is >>>>>>>> >>>>>>> a bit >>> >>>> specific option, which is useless in most usecases (IMHO). >>>>>>>> >>>>>>>> More reliable configuration is peek then bump. >>>>>>>> >>>>>>>> Did you client (android) contains your cache CA public key? >>>>>>>> _______________________________________________ >>>>>>>> squid-users mailing list >>>>>>>> squid-users@.squid-cache >>>>>>>> http://lists.squid-cache.org/listinfo/squid-users >>>>>>>> >>>>>>>> >>>>>>>> 0x613DEC46.asc (2K) >>>>>>>> >>>>>>>> < >>> http://squid-web-proxy-cache.1019090.n4.nabble.com/attachment/4676357/0/0x613DEC46.asc> >>> ; >>> >>>> now new error after changing config to peek then bump >>>>>>> >>>>>>> access.log : http://pastebin.com/j97k953r >>>>>>> >>>>>> <http://pastebin.com/j97k953r> >>>> >>>>> cache.log : http://pastebin.com/2jF6nqeM >>>>>>> <http://pastebin.com/2jF6nqeM> >>>>>>> >>>>>>> squid.config : http://pastebin.com/FDuHtCDD >>>>>>> >>>>>> <http://pastebin.com/FDuHtCDD> >>>> >>>>> and now youtube works but when i enter a video it loads for a >>>>>>> >>>>>> little bit >>> >>>> then says >>>>>>> "Connection to the server lost" >>>>>>> "tap to retry" >>>>>>> >>>>>>> i tried more than 10 videos and none of them worked >>>>>>> >>>>>>> >>>>>>> >>>>>>> -- >>>>>>> View this message in context: >>>>>>> >>>>>> >>> http://squid-web-proxy-cache.1019090.n4.nabble.com/Youtube-wont-work-on-squid-tp4676349p4676359.html >>> >>>> Sent from the Squid - Users mailing list archive at Nabble.com. >>>>>>> _______________________________________________ >>>>>>> squid-users mailing list >>>>>>> >>>>>>> squid-users@.squid-cache >>>> >>>> http://lists.squid-cache.org/listinfo/squid-users >>>>>>> >>>>>> >>>>> _______________________________________________ >>>>> squid-users mailing list >>>>> squid-users@.squid-cache >>>>> http://lists.squid-cache.org/listinfo/squid-users >>>>> >>>>> >>>>> 0x613DEC46.asc (2K) >>>>> >>>>> < >>> http://squid-web-proxy-cache.1019090.n4.nabble.com/attachment/4676360/0/0x613DEC46.asc> >>> ; >>> >>> what do you mean? >>>> >>>> this? >>>> >>>> http_port 3428 intercept >>>> https_port 3429 intercept ssl-bump generate-host-certificates=on >>>> dynamic_cert_mem_cache_size=200MB cert=/home/basel/squid/rootCAcert.pem >>>> key=/home/basel/squid/rootCAkey.key >>>> ssl_bump peek all >>>> ssl_bump bump all >>>> sslcrtd_program /lib/squid/ssl_crtd -s /var/cache/squid/ssl_db/ -M 200MB >>>> sslcrtd_children 3 startup=1 idle=1 >>>> >>>> >>>> >>>> >>>> -- >>>> View this message in context: >>>> >>> >>> http://squid-web-proxy-cache.1019090.n4.nabble.com/Youtube-wont-work-on-squid-tp4676349p4676361.html >>> >>>> Sent from the Squid - Users mailing list archive at Nabble.com. >>>> _______________________________________________ >>>> squid-users mailing list >>>> >>>> squid-users@.squid-cache >>> >>>> http://lists.squid-cache.org/listinfo/squid-users >>>> >>> -----BEGIN PGP SIGNATURE----- >>> Version: GnuPG v2 >>> iQEcBAEBCAAGBQJW1f9dAAoJENNXIZxhPexGcSkH/0sykbFIcW+et28E9VUiT6r6 >>> ShcfP89O15nYTFJgsrTGslTv5EX1+fwproBljHLT1VSkZg8Ftl/RcrthP0z4F/F8 >>> Pe83prBkD/EuvpElP9OuKL+CE3IhSKTDya0+VTUUmskr/CFpl51R+tL7Va6BLJc/ >>> MWC3X+B7Ywkujaf3Y1iuxw3pG7bawRHQVYaIhKnCIRwJ3MrfUS4WX31r5bhNplUj >>> fTq4owWWycq0RjzlJ6gait8p4lRTOts1IBQ+dzzVxuPo+3CdPWd6UXSusWJ7NQUT >>> Tj9w878S09xkVoGDRsEHB21MgjnbB0GQ7AmjTyPTQvS5tm/msAPMtpsgCS5oz9I= >>> =WmcI >>> -----END PGP SIGNATURE----- >>> >>> >>> _______________________________________________ >>> squid-users mailing list >>> squid-users@.squid-cache >>> http://lists.squid-cache.org/listinfo/squid-users >>> >>> >>> 0x613DEC46.asc (2K) >>> < >>> http://squid-web-proxy-cache.1019090.n4.nabble.com/attachment/4676362/0/0x613DEC46.asc> >>> ; >>> >> it works now >> >> http_port 3428 intercept >> https_port 3429 intercept ssl-bump generate-host-certificates=on >> dynamic_cert_mem_cache_size=200MB cert=/home/basel/squid/rootCAcert.pem >> key=/home/basel/squid/rootCAkey.key >> acl step1 at_step SslBump1 >> acl step2 at_step SslBump2 >> acl step3 at_step SslBump3 >> ssl_bump peek step1 >> ssl_bump bump all >> sslcrtd_program /lib/squid/ssl_crtd -s /var/cache/squid/ssl_db/ -M 200MB >> sslcrtd_children 3 startup=1 idle=1 >> >> is it correct? >> > Seems correct. > >> >> do i need sslproxy_cafile? >> > Not at all cases. By default openssl can take it own CA bundle installed > with it. > > >> >> >> >> -- >> View this message in context: >> http://squid-web-proxy-cache.1019090.n4.nabble.com/Youtube-wont-work-on-squid-tp4676349p4676364.html >> Sent from the Squid - Users mailing list archive at Nabble.com. >> _______________________________________________ >> squid-users mailing list >> squid-users@lists.squid-cache.org >> http://lists.squid-cache.org/listinfo/squid-users >> > > _______________________________________________ > squid-users mailing list > squid-users@lists.squid-cache.org > http://lists.squid-cache.org/listinfo/squid-users > --
_______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
