I can not access to HTTPS sites, 3 weeks ago was working fine, without doing any change in the topology update or config stopped and it is not working with HTTPS sites. it keeps loading and I recieve a message from navegators The connection to the server was reset while the page was loading.
*here my squid config:* # # Recommended minimum configuration: # visible_hostname proxy.local.local acl manager proto cache_object acl localhost src 127.0.0.1/32 ::1 acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1 # Example rule allowing access from your local networks. # Adapt to list your (internal) IP networks from where browsing # should be allowed #acl localnet src 10.0.0.0/8 # RFC1918 possible internal network acl localnet src 172.16.0.0/23 # RFC1918 possible internal network acl localnet src 192.168.0.0/23 #acl localnet src fc00::/7 # RFC 4193 local private network range #acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines acl SSL_ports port 443 acl Safe_ports port 80 # http acl Safe_ports port 85 # puerto agregado acl Safe_ports port 883 # puerto agregado acl Safe_ports port 5222 # puerto agregado acl Safe_ports port 21 # ftp acl Safe_ports port 443 # https acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl CONNECT method CONNECT http_port 3128 ######### AD AUTH ########### auth_param basic program /usr/lib/squid/squid_ldap_auth -R -b "dc=local,dc=LOCAL" -D "cn=squid,ou=proxy,dc=local,dc=LOCAL" -w "123456" -f sAMAccountName=%s -h 192.168.0.213 auth_param basic children 5 auth_param basic realm Inserte su usuario de Windows para navegar auth_param basic credentialsttl 1 hour external_acl_type ldap_group %LOGIN /usr/lib/squid/squid_ldap_group -R -b "dc=local,dc=LOCAL" -D "cn=squid,ou=proxy,dc=local,dc=LOCAL" -w "123456" -f "(&(objectclass=person) (sAMAccountName=%v)(memberof=cn=%a,ou=proxy,dc=local,dc=LOCAL))" -h 192.168.0.213 ############################## ###### ALCs que definen los grupos ###### acl nivel0 external ldap_group nivel0 acl nivel1 external ldap_group nivel1 acl nivel2 external ldap_group nivel2 acl nivel3 external ldap_group nivel3 acl nivel4 external ldap_group nivel4 acl nivel5 external ldap_group nivel5 acl nivel6 external ldap_group nivel6 ######################################### ###### Custom ACLs ###### acl rule1 url_regex -i ars humano senasa universal arsuniversal google.com google.com.do universal.com.do .tss.gov.do tss tss.gov.do banreservas banreservas.com universal.com arshumano arshumano.com consultascuentas consultascuentas.arshumano.com banreservas.com.do \.jpg$ acl rule2 dstdomain .facebook.com .youtube.com .rdmusica.com . listindiario.com .diariolibre.com .hotmail.com .outlook.com .yahoo.com . mlb.com .espn.com .bleacherreport.com .lamega.com .espn.go.com . espndeportes.com mail.google.com .twitter.com .hi5.com .freakshare.com . bitshare.com .seriespepito.com .seriales.com .cuevana.tv .rapidshare.com . supercarros.com .chatango.com .blogger.com .videobb.com .gmail.com acl rule3 dstdomain .youtube.com .mlb.com .espn.com .bleacherreport.com . lamega.com .espn.go.com .espndeportes.com seriespepito.com . seriales.com .cuevana.tv .rapidshare.com .supercarros.com .chatango.com . blogger.com .videobb.com .sex.com .xxx.com .facebook.com acl desc1 url_regex -i \.avi$ \.mov$ \.rar$ \.qt$ \.mpe$ \.mpeg$ \.mpg$ \.ief$ \.wav$ \.mp3$ \.mp4$ \.tar$ \.rpm$ \.zip$ \.gtar$ \.exe$ \.movie$ \.midi$ \.mid$ \.kar$ \.java$ \.dir$ sex lesbian porn porno xxx acl rule7 dstdomain .facebook.com .hotmail.com mail.google.com .gmail.com . yahoo.com .yahoo.es accounts.google.com acl desc7 url_regex -i accounts gmail mail accounts.google.com acl desc2 url_regex -i \.avi$ \.mov$ \.rar$ \.qt$ \.mpe$ \.mpeg$ \.mpg$ \.jpe$ \.jpg$ \.jpeg$ \.ief$ \.bmp$ \.wav$ \.mp3$ \.mp4$ \.tar$ \.rpm$ \.zip$ \.gtar$ \.exe$ \.movie$ \.midi$ \.mid$ \.kar$ \.dir$ \.png$ sex lesbian porn porno acl desc3 url_regex -i \.avi$ \.mov$ \.qt$ \.ief$ \.wav$ \.mp3$ \.mp4$ \.tar$ \.rpm$ \.gtar$ \.exe$ \.movie$ \.midi$ \.mid$ \.kar$ \.dir$ \.bmp$ \.java$ \.png$ \.mpe$ \.mpeg$ \.mpg$ lesbian porn porno xxx acl desc4 url_regex -i \.avi$ \.png$ \.java$ \.mpe$ \.mpeg$ \.mpg$ \.mov$ \.qt$ \.rpm$\.gtar$ \.exe$ \.movie$ \.dir$ \.rar$ sex lesbian porn porno ######################### ###### Reglas de acceso ###### http_access deny !Safe_ports http_access deny CONNECT !SSL_ports # http_access allow nivel6 http_access allow nivel5 http_access allow nivel4 http_access allow nivel3 !rule3 !desc3 !rule7 !desc7 http_access allow nivel2 !rule2 !desc2 !rule7 !desc7 http_access deny nivel1 !rule1 http_access allow nivel1 !desc1 !rule7 !desc7 http_access deny nivel0 http_access deny all ############################## # Recommended minimum Access Permission configuration: # # Only allow cachemgr access from localhost http_access allow manager localhost http_access deny manager # We recommend you to use at least the following line. hierarchy_stoplist cgi-bin ? # Uncomment and adjust the following to add a disk cache directory. #cache_dir ufs /var/spool/squid 100 16 256 # Leave coredumps in the first cache dir coredump_dir /var/spool/squid # Add any of your own refresh_pattern entries above these. refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 refresh_pattern . 0 20% 4320
_______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
