Hello Amos,

The problem is the connections are not getting through. It just acts like
there is no WiFi connection.

Adding the cert db every start up isn’t an issue.

I was thinking of having a small cert cache locally instead thinking about
it since.

The connections just aren’t being made. No ssl warning.

Thank you

Joe


On Thu, 16 Nov 2017 at 08:15, Amos Jeffries <squ...@treenet.co.nz> wrote:

> On 16/11/17 02:32, Joe Foster wrote:
> > Good afternoon,
> >
> > I have a small router onto which I have installed Squid.
> >
> > I am trying to filter HTTPS urls for bad words on a blocked list.
> >
> > It will require the client on the safe side of the router to install the
> > certificate, this isn't an issue as it's an open process and not an
> > illegal MITM attack.
> >
> > Below is my squid.conf
> >
> > As you will see I have been playing around with where to put the code
> > and what code to put in.
> >
> > I only have a small amount of flash drive so I have put the auto-gen
> > cert directory in /tmp/. I am aware this is volatile memory but until I
> > have a better solution I will be doing this.
>
> Since /tmp is subject to random deletion of content you will need to
> make sure you always shutdown Squid and re-run the ssl_crtd (etc.)
> create command to re-generate the cert DB structures whenever the device
> erases its /tmp content. Otherwise your proxy will crash and/or client
> connections will start being terminated with strange looking errors.
>
>
> IMO you would probably be better off setting the cert DB to a very small
> size suitable for your limited space - or disabling it entirely [more on
> that below].
>
> >
> > I have put a firewall rule in to forward 443 to 3128.
> >
> > https://wiki.squid-cache.org/Features/SslBump
> > https://wiki.squid-cache.org/SquidFaq/SquidAcl
> >
> > I also don't want to cache due to flash drive issues. Is this possible?
> >
>
> From the documentation of the SSL-Bump settings:
>   <http://www.squid-cache.org/Doc/config/http_port/>
> "
>    dynamic_cert_mem_cache_size=SIZE
>      Approximate total RAM size spent on cached generated
>      certificates. If set to zero, caching is disabled. The
>      default value is 4MB.
> "
>
> > It's the same cert in /root/ and /certs/ before anyone points it out.
> >
> > Nothing has been appearing in the log files either but this is no
> > surprise.
> >
> > Been up till 1am last few nights on this so your assistance is very
> > appreciated.
>
> That sounds like you are having a problem. But I don't see any mention
> of what that is exactly.
>
> Amos
> _______________________________________________
> squid-users mailing list
> squid-users@lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>