Package: squid-openssl
Version: 4.13-10+deb11u2
Severity: normal
X-Debbugs-Cc: djc8...@gmail.com

-- System Information:
Debian Release: 11.7
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.15.107-2-pve (SMP w/4 CPU threads)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages squid-openssl depends on:
ii  adduser                  3.118
ii  init-system-helpers      1.60
ii  libc6                    2.31-13+deb11u6
ii  libcap2                  1:2.44-1
ii  libcom-err2              1.46.5-2~bpo11+2
ii  libcrypt1                1:4.4.18-4
ii  libdb5.3                 5.3.28+dfsg1-0.8
ii  libdbi-perl              1.643-3+b1
ii  libecap3                 1.0.1-3.2+b1
ii  libexpat1                2.2.10-2+deb11u5
ii  libgcc-s1                10.2.1-6
ii  libgssapi-krb5-2         1.18.3-6+deb11u3
ii  libkrb5-3                1.18.3-6+deb11u3
ii  libldap-2.4-2            2.4.57+dfsg-3+deb11u1
ii  libltdl7                 2.4.6-15
ii  libnetfilter-conntrack3  1.0.8-3
ii  libnettle8               3.7.3-1
ii  libnsl2                  1.3.0-2
ii  libpam0g                 1.4.0-9+deb11u1
ii  libsasl2-2               2.1.27+dfsg-2.1+deb11u1
ii  libssl1.1                1.1.1n-0+deb11u5
ii  libstdc++6               10.2.1-6
ii  libsystemd0              247.3-7+1-pmx11u1
ii  libxml2                  2.9.10+dfsg-6.7+deb11u4
ii  logrotate                3.18.0-2+deb11u1
ii  lsb-base                 11.1.0
ii  netbase                  6.3
ii  squid-common             4.13-10+deb11u2

Versions of packages squid-openssl recommends:
ii  ca-certificates  20210119
ii  libcap2-bin      1:2.44-1

Versions of packages squid-openssl suggests:
ii  apparmor     2.13.6-10
pn  resolvconf   <none>
ii  smbclient    2:4.13.13+dfsg-1~deb11u5
ii  squid-cgi    4.13-10+deb11u2
ii  squid-purge  4.13-10+deb11u2
ii  squidclient  4.13-10+deb11u2
pn  ufw          <none>
pn  winbind      <none>

-- Configuration Files:
/etc/logrotate.d/squid changed:
/var/log/squid/*.log {
    daily
    compress
    delaycompress
    rotate 800
    missingok
    nocreate
    sharedscripts
    prerotate
        test ! -x /usr/sbin/sarg-reports || /usr/sbin/sarg-reports daily
    endscript
    postrotate
        test ! -e /run/squid.pid || test ! -x /usr/sbin/squid || /usr/sbin/squid -k rotate
    endscript
}

/etc/squid/conf.d/debian.conf changed:
logfile_rotate 0
http_access allow localnet

/etc/squid/squid.conf changed:
acl blackweb dstdomain "/etc/squid/tld_block"
http_access deny blackweb
dns_nameservers 127.0.0.1 192.168.0.20 192.168.0.1
htcp_access allow all
icp_access allow all
htcp_port 13337
icp_port 13336
acl local-servers dstdomain 192.180.0.20 192.168.0.10
always_direct allow local-servers
max_stale 4 week
max_filedescriptors 65534
offline_mode off
url_rewrite_program /usr/bin/squidGuard –c /etc/squidguard/squidGuard.conf
via off
forwarded_for off
request_header_access cache-control deny all
request_header_access From deny all
request_header_access Server deny all
request_header_access WWW-Authenticate deny all
request_header_access Link deny all
request_header_access Cache-Control deny all
request_header_access Proxy-Connection deny all
request_header_access X-Cache deny all
request_header_access X-Cache-Lookup deny all
request_header_access Via deny all
request_header_access X-Forwarded-For deny all
request_header_access Pragma deny all
request_header_access Keep-Alive deny all
acl intermediate_fetching transaction_initiator certificate-fetching
http_access allow intermediate_fetching
acl manager proto cache_object
acl localnet src 10.0.0.0/8 192.168.0.0/16 172.16.0.0/16
acl Safe_ports port 1-65535 # unregistered ports
http_access allow localhost localnet
http_access allow manager
http_port 5555 tcpkeepalive=60,30,3 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=256MB tls-cert=/etc/squid/ssl/squid-self-signed.crt tls-key=/etc/squid/ssl/squid-self-signed.key tls-dh=prime256v1:/etc/squid/ssl/squid-self-signed_dhparam.pem
http_port 6666 ssl-bump cert=/etc/squid/ssl_cert/myCA.pem generate-host-certificates=on dynamic_cert_mem_cache_size=256MB
http_port 6767 intercept
http_port 8888
http_port 7777
access_log /var/log/squid/access.log squid
coredump_dir /var/spool/squid
http_access deny all !localnet
acl blocked_sites dstdomain "/etc/squid/blocked_sites"
http_access deny blocked_sites
err_page_stylesheet /etc/squid/errorpage.css
cache_dir diskd /var/cache/squid/diskd 10000 32 32 Q1=128 Q2=256
tls_outgoing_options cipher=EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS
sslcrtd_program /usr/lib/squid/security_file_certgen -s /var/cache/squid/ssl_db/ssl-db -M 256MB
sslcrtd_children 5
ssl_bump server-first all
ssl_bump stare all
sslproxy_cert_error deny all
minimum_object_size 0 bytes
maximum_object_size 4 GB
maximum_object_size_in_memory 4096 KB
refresh_pattern ^(ftp:|http:|https:) 1440 80% 10080 override-expire ignore-reload ignore-no-store ignore-private
refresh_pattern -i (/cgi-bin/|\?) 11440 80% 60000 override-expire ignore-reload ignore-no-store ignore-private store-stale
refresh_pattern -i ^.* 86400 100% 1000000 override-expire ignore-reload ignore-no-store ignore-private store-stale
# 999999 works fine without a warning, above a million it crops to one year
range_offset_limit -1
quick_abort_min -1
cache_dir rock /var/cache/squid/rock 100000 min-size=0 max-size=3145720
cache_dir rock /var/cache/squid/rock2 100000 min-size=3145721
cache_mem 8 GB

-- no debconf information

The generic problem here is that refresh_pattern does not allow more than 999999 seconds or 11 days.

-- squid -k parse
2023/06/10 11:58:37| Processing: refresh_pattern -i ^.* 86400 100% 1000000 override-expire ignore-reload ignore-no-store ignore-private store-stale
2023/06/10 11:58:37| WARNING: refresh_pattern maximum age too high. Cropped back to 1 year.

-> By setting this value to 999999, the warning is disabled. However, why am I able to use a year in seconds but not able to... or is there an unknown restriction?
-> http://www.squid-cache.org/Doc/config/refresh_pattern/ does not show a maximum value
-> Assuming the Warning, it shall be 1 year. Or around about 32 million seconds and not less than 1 million ;-)