Re: [squid-users] Squid 3.4.4 and SSL Bump not working (error (92) Protocol not available)

2014-04-17 Thread Ict Security
 Hello, after changing http to https it still gives protocol not available...

2014-04-17 11:00 GMT+02:00 Ict Security ict.security@gmail.com:
 Oh.. excuse me! I was wrong!


 2014-04-17 10:26 GMT+02:00 Amm ammdispose-sq...@yahoo.com:
 Please ask in mailing list not personally. Everybody there will help you.

 I did whatever I knew.

 Thanks

 Amm.

 
 From: Ict Security ict.security@gmail.com
 To: Amm ammdispose-sq...@yahoo.com
 Sent: Thursday, 17 April 2014 1:51 PM
 Subject: Re: [squid-users] Squid 3.4.4 and SSL Bump not working (error (92)
 Protocol not available)

 It still says protocol not available... Thank you
 Francesco



Re: [squid-users] Squid 3.4.4 and SSL Bump not working (error (92) Protocol not available)

2014-04-17 Thread Eliezer Croitoru

I will try to test the issue later.
Notice that in the case of the Chrome browser and SPDY the issue might
really be protocol not available, and you will maybe need to disable the
usage of SPDY.


Try to disable anything related to prefetch.
What browser, what OS?

Eliezer

On 04/17/2014 12:01 PM, Ict Security wrote:

  Hello, after changing http to https it still gives protocol not available...

2014-04-17 11:00 GMT+02:00 Ict Security ict.security@gmail.com:

Oh.. excuse me! I was wrong!


2014-04-17 10:26 GMT+02:00 Amm ammdispose-sq...@yahoo.com:

Please ask in mailing list not personally. Everybody there will help you.

I did whatever I knew.

Thanks

Amm.


From: Ict Security ict.security@gmail.com
To: Amm ammdispose-sq...@yahoo.com
Sent: Thursday, 17 April 2014 1:51 PM
Subject: Re: [squid-users] Squid 3.4.4 and SSL Bump not working (error (92)
Protocol not available)

It still says protocol not available... Thank you
Francesco





Re: [squid-users] Squid 3.4.4 and SSL Bump not working (error (92) Protocol not available)

2014-04-17 Thread Ict Security
 Hello, I have the problem with both Explorer and Firefox; I do not
think I have configured SPDY...

Thank you!
Francesco

2014-04-17 19:59 GMT+02:00 Eliezer Croitoru elie...@ngtech.co.il:
 I will try to test the issue later.
 Notice that in the case of the Chrome browser and SPDY the issue might really
 be protocol not available, and you will maybe need to disable the usage of
 SPDY.

 Try to disable anything related to prefetch.
 What browser, what OS?

 Eliezer


 On 04/17/2014 12:01 PM, Ict Security wrote:

   Hello, after changing http to https it still gives protocol not
 available...

 2014-04-17 11:00 GMT+02:00 Ict Security ict.security@gmail.com:

 Oh.. excuse me! I was wrong!


 2014-04-17 10:26 GMT+02:00 Amm ammdispose-sq...@yahoo.com:

 Please ask in mailing list not personally. Everybody there will help
 you.

 I did whatever I knew.

 Thanks

 Amm.

 
 From: Ict Security ict.security@gmail.com
 To: Amm ammdispose-sq...@yahoo.com
 Sent: Thursday, 17 April 2014 1:51 PM
 Subject: Re: [squid-users] Squid 3.4.4 and SSL Bump not working (error
 (92)
 Protocol not available)

 It still says protocol not available... Thank you
 Francesco




[squid-users] How to make Squid 3.3.8 a transparent proxy?

2014-04-17 Thread Tobias Krais

Hi together,

I just upgraded Ubuntu 12.04 to 14.04 and with it I upgraded squid to 
3.3.8. I am using a Dansguardian / Squid content filter on my localhost. 
Dansguardian is correctly working after the upgrade, but not Squid.


Here is my goal: configure Squid as a transparent proxy listening on 
port 3128.


Here is my current squid.conf:
-%-
acl SSL_ports port 443
acl Safe_ports port 80  # http
acl Safe_ports port 21  # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70  # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager
http_access allow localhost
http_access deny all
http_port 3128 transparent
coredump_dir /var/spool/squid3
refresh_pattern ^ftp:   1440    20% 10080
refresh_pattern ^gopher:    1440    0%  1440
refresh_pattern -i (/cgi-bin/|\?) 0 0%  0
refresh_pattern (Release|Packages(.gz)*)$  0   20% 2880
refresh_pattern .   0   20% 4320
-%-

With the config above, squid starts correctly. But when I want to access 
a website, squid says: Access denied.


I tried hours all solutions I found in Google, but none worked. Can you 
please help me?


Greetings,

Tobias


[squid-users] Squid Non-Responsive With generate-host-certificates.

2014-04-17 Thread Ethan H
Hi,

I already posted this but no one responded - I’m guessing that I
posted too much of my config file and too much of my log. Now, I just
included what is important to fix the problem and if you want complete
files posted I can.

I recently configured Squid to ssl-bump connections and dynamically
generate certificates. I am running Squid 3.3.3 on Ubuntu 13.10.

—

ssl_bump server-first

#Devices configured to use the proxy. No interception for HTTPS
http_port 3128
https_port 3128 cert=/usr/ssl/myCA.pem

#Devices configured to use the proxy. Interception for HTTPS
http_port 3129 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/usr/ssl/myCA.pem

#Devices unconfigured to use the proxy. Sent by the router.
http_port 3127 intercept ssl-bump cert=/usr/ssl/myCA.pem
https_port 3126 intercept ssl-bump cert=/usr/ssl/myCA.pem

—

Squid worked flawlessly until I added the http_port 3129 line with the
ssl-bump and generate host certificates. After this, Squid now crashes
anywhere from 1 - 12 hours. Here is part of my cache.log file

—


2014/04/12 21:40:37 kid1| Accepting HTTP Socket connections at local=[::]:3128 remote=[::] FD 11 flags=9

2014/04/12 21:40:37 kid1| Accepting SSL bumped HTTP Socket connections at local=[::]:3129 remote=[::] FD 12 flags=9

2014/04/12 21:40:37 kid1| Accepting NAT intercepted SSL bumped HTTP Socket connections at local=0.0.0.0:3127 remote=[::] FD 13 flags=41

2014/04/12 21:40:37 kid1| Accepting HTTPS Socket connections at local=[::]:3128 remote=[::] FD 14 flags=9

2014/04/12 21:40:37 kid1| Accepting NAT intercepted SSL bumped HTTPS Socket connections at local=0.0.0.0:3126 remote=[::] FD 15 flags=41

2014/04/12 21:40:37 kid1| ERROR: listen( FD 14, [::] [ job9832], 1024): (98) Address already in use

2014/04/12 21:50:56 kid1| clientNegotiateSSL: Error negotiating SSL connection on FD 30: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request (1/-1)

***MESSAGE ABOVE REPEATED MULTIPLE TIMES

2014/04/12 21:56:29 kid1| WARNING: HTTP: Invalid Response: No object data received for https://www.facebook.com/connect/ping

***MESSAGE ABOVE REPEATED MULTIPLE TIMES

2014/04/13 22:08:08 kid1| WARNING! Your cache is running out of filedescriptors

***MESSAGE ABOVE REPEATED MULTIPLE TIMES

2014/04/13 22:13:08 kid1|  NF getsockopt(SO_ORIGINAL_DST) failed on local=192.168.0.10:3126 remote=192.168.0.49:39402 FD 62 flags=33: (2) No such file or directory

***MESSAGE ABOVE REPEATED MULTIPLE TIMES

2014/04/13 22:22:14 kid1| WARNING! Your cache is running out of filedescriptors



I’m thinking it is crashing from the lack of file descriptors. I
changed my configuration file to give it 4096 file descriptors and the
cache.log confirms this when starting up. I would really appreciate
any ideas that anyone might have to fix this problem.

Thanks!
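
Added example (not part of the original post and not Squid code): a Python sketch that reads startup lines in the format of the cache.log excerpt above, maps each FD to the listener it was announced for, and reports which other listeners share a port with the FD named in a `listen(...)` error. The function names are hypothetical; the sample lines are the ones from the post with mail wrapping undone.

```python
import re
from collections import defaultdict

# Startup lines copied from the cache.log excerpt in the post above,
# with the mail client's line wrapping undone.
SAMPLE_LOG = """\
2014/04/12 21:40:37 kid1| Accepting HTTP Socket connections at local=[::]:3128 remote=[::] FD 11 flags=9
2014/04/12 21:40:37 kid1| Accepting SSL bumped HTTP Socket connections at local=[::]:3129 remote=[::] FD 12 flags=9
2014/04/12 21:40:37 kid1| Accepting NAT intercepted SSL bumped HTTP Socket connections at local=0.0.0.0:3127 remote=[::] FD 13 flags=41
2014/04/12 21:40:37 kid1| Accepting HTTPS Socket connections at local=[::]:3128 remote=[::] FD 14 flags=9
2014/04/12 21:40:37 kid1| Accepting NAT intercepted SSL bumped HTTPS Socket connections at local=0.0.0.0:3126 remote=[::] FD 15 flags=41
2014/04/12 21:40:37 kid1| ERROR: listen( FD 14, [::] [ job9832], 1024): (98) Address already in use
"""

ACCEPT_RE = re.compile(
    r"Accepting (?P<kind>.+?) connections at local=(?P<local>\S+) remote=\S+ FD (?P<fd>\d+)")
LISTEN_ERR_RE = re.compile(
    r"ERROR: listen\( FD (?P<fd>\d+),.*\): \((?P<errno>\d+)\) (?P<msg>.+)$")

def port_of(local):
    return local.rsplit(":", 1)[1]  # '[::]:3128' -> '3128', '0.0.0.0:3126' -> '3126'

def find_listen_conflicts(log_text):
    """Map each failed listen() to the other listeners announced on its port."""
    listeners = {}               # fd -> (listener kind, local address)
    by_port = defaultdict(list)  # port -> [fd, ...]
    failures = []                # (fd, errno, message)
    for line in log_text.splitlines():
        if (m := ACCEPT_RE.search(line)):
            fd = int(m["fd"])
            listeners[fd] = (m["kind"], m["local"])
            by_port[port_of(m["local"])].append(fd)
        elif (m := LISTEN_ERR_RE.search(line)):
            failures.append((int(m["fd"]), int(m["errno"]), m["msg"].strip()))
    report = []
    for fd, errno, msg in failures:
        if fd not in listeners:  # error for an FD that was never announced
            continue
        kind, local = listeners[fd]
        port = port_of(local)
        # Simplification (assumption): compare by port only, ignoring address family.
        shares = [(o, listeners[o][0]) for o in by_port[port] if o != fd]
        report.append({"fd": fd, "kind": kind, "port": port,
                       "errno": errno, "error": msg, "shares_with": shares})
    return report

if __name__ == "__main__":
    print(find_listen_conflicts(SAMPLE_LOG))
```

On the lines from the post it reports FD 14 (the HTTPS listener on port 3128) failing with errno 98 while FD 11 (the HTTP listener) is announced on the same port.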