It is authenticated too. The browsers point to Squid. Do you still have the configuration file? Could you pass it along?
Thank you!

Alisson Ceolin

________________________________
From: Renato Alves - Gmail <[email protected]>
To: [email protected]
Sent: Thursday, May 31, 2012 13:19
Subject: Re: [slack-users] squid with https

I use Squid on Endian Firewall. I was blocking Facebook's HTTP without problems, but HTTPS only after I converted Squid from transparent to authenticated. It worked right away! Is yours transparent?

On 31-05-2012 11:56, Alisson Ceolin wrote:

>Hello everyone,
>
>I am running tests with HTTPS blocking in Squid. I confess I am finding the
>documentation very confusing, and there is also a lot of controversy.
>My biggest problem today is Facebook. I have HTTP blocking rules (LDAP
>groups) and would like to be able to filter HTTPS as well.
>
>Does anyone use Squid with HTTPS blocking? Could you give me some guidance?
>
>I have already compiled Squid with --enable-ssl
>and added this content to squid.conf:
>
>https_port 3126 protocol=http cert=/etc/squid/ssl2/server_cert.pem key=/etc/squid/ssl2/server_key.pem
>.
>.
>
>acl SSL method CONNECT
>never_direct allow SSL
>.
>
>Squid startup log, and an attempt to access an HTTPS site:
>
>2012/05/31 10:54:04| Starting Squid Cache version 2.7.STABLE9 for i386-debian-linux-gnu...
>2012/05/31 10:54:04| Process ID 3337
>2012/05/31 10:54:04| With 32768 file descriptors available
>2012/05/31 10:54:04| Using epoll for the IO loop
>2012/05/31 10:54:04| Performing DNS Tests...
>2012/05/31 10:54:04| Successful DNS name lookup tests...
>2012/05/31 10:54:04| DNS Socket created at 0.0.0.0, port 60995, FD 6
>2012/05/31 10:54:04| Adding nameserver 127.0.0.1 from squid.conf
>2012/05/31 10:54:04| Adding nameserver 10.12.0.2 from squid.conf
>2012/05/31 10:54:04| Adding nameserver 10.12.0.22 from squid.conf
>2012/05/31 10:54:04| helperOpenServers: Starting 10 'ldap_auth' processes
>2012/05/31 10:54:04| helperOpenServers: Starting 5 'squid_ldap_group' processes
>2012/05/31 10:54:04| helperOpenServers: Starting 5 'squid_ldap_group' processes
>2012/05/31 10:54:04| helperOpenServers: Starting 5 'squid_ldap_group' processes
>2012/05/31 10:54:04| helperOpenServers: Starting 5 'squid_ldap_group' processes
>2012/05/31 10:54:04| helperOpenServers: Starting 5 'squid_ldap_group' processes
>2012/05/31 10:54:04| helperOpenServers: Starting 5 'squid_ldap_group' processes
>2012/05/31 10:54:04| helperOpenServers: Starting 5 'squid_ldap_group' processes
>2012/05/31 10:54:04| helperOpenServers: Starting 5 'squid_ldap_group' processes
>2012/05/31 10:54:04| helperOpenServers: Starting 5 'squid_ldap_group' processes
>2012/05/31 10:54:04| helperOpenServers: Starting 5 'squid_ldap_group' processes
>2012/05/31 10:54:04| User-Agent logging is disabled.
>2012/05/31 10:54:04| Referer logging is disabled.
>2012/05/31 10:54:04| logfileOpen: opening log /var/log/squid/ppol-test-access.log
>2012/05/31 10:54:04| Unlinkd pipe opened on FD 71
>2012/05/31 10:54:04| Swap maxSize 2048000 + 512000 KB, estimated 196923 objects
>2012/05/31 10:54:04| Target number of buckets: 9846
>2012/05/31 10:54:04| Using 16384 Store buckets
>2012/05/31 10:54:04| Max Mem size: 512000 KB
>2012/05/31 10:54:04| Max Swap size: 2048000 KB
>2012/05/31 10:54:04| Local cache digest enabled; rebuild/rewrite every 3600/3600 sec
>2012/05/31 10:54:04| Store logging disabled
>2012/05/31 10:54:04| Rebuilding storage in /var/spool/squid/ppol-test (DIRTY)
>2012/05/31 10:54:04| Using Least Load store dir selection
>2012/05/31 10:54:04| Set Current Directory to /var/cache/squid
>2012/05/31 10:54:04| Loaded Icons.
>2012/05/31 10:54:04| Accepting proxy HTTP connections at 0.0.0.0, port 3125, FD 73.
>2012/05/31 10:54:04| Accepting HTTPS connections at 0.0.0.0, port 3126, FD 74.
>2012/05/31 10:54:04| Accepting ICP messages at 0.0.0.0, port 3130, FD 75.
>2012/05/31 10:54:04| HTCP Disabled.
>2012/05/31 10:54:04| WCCP Disabled.
>2012/05/31 10:54:04| Ready to serve requests.
>2012/05/31 10:54:04| Done reading /var/spool/squid/ppol-test swaplog (40 entries)
>2012/05/31 10:54:04| Finished rebuilding storage from disk.
>2012/05/31 10:54:04| 40 Entries scanned
>2012/05/31 10:54:04| 0 Invalid entries.
>2012/05/31 10:54:04| 0 With invalid flags.
>2012/05/31 10:54:04| 40 Objects loaded.
>2012/05/31 10:54:04| 0 Objects expired.
>2012/05/31 10:54:04| 0 Objects cancelled.
>2012/05/31 10:54:04| 0 Duplicate URLs purged.
>2012/05/31 10:54:04| 0 Swapfile clashes avoided.
>2012/05/31 10:54:04| Took 0.3 seconds ( 154.6 objects/sec).
>2012/05/31 10:54:04| Beginning Validation Procedure
>2012/05/31 10:54:04| Completed Validation Procedure
>2012/05/31 10:54:04| Validated 40 Entries
>2012/05/31 10:54:04| store_swap_size = 796k
>2012/05/31 10:54:05| storeLateRelease: released 0 objects
>2012/05/31 10:54:35| aclCheckFast: list: 0xb8875760
>2012/05/31 10:54:35| aclMatchAclList: checking all
>2012/05/31 10:54:35| aclMatchAcl: checking 'acl all src 0.0.0.0/0.0.0.0'
>2012/05/31 10:54:35| aclMatchIp: '10.12.60.60' found
>2012/05/31 10:54:35| aclMatchAclList: returning 1
>2012/05/31 10:54:35| clientNegotiateSSL: Error negotiating SSL connection on FD 72: error:1407609B:SSL routines:SSL23_GET_CLIENT_HELLO:https proxy request (1/-1)
>2012/05/31 10:54:35| aclCheckFast: list: 0xb8875760
>2012/05/31 10:54:35| aclMatchAclList: checking all
>2012/05/31 10:54:35| aclMatchAcl: checking 'acl all src 0.0.0.0/0.0.0.0'
>2012/05/31 10:54:35| aclMatchIp: '10.12.60.60' found
>2012/05/31 10:54:35| aclMatchAclList: returning 1
>2012/05/31 10:54:35| clientNegotiateSSL: Error negotiating SSL connection on FD 72: error:1407609B:SSL routines:SSL23_GET_CLIENT_HELLO:https proxy request (1/-1)
>2012/05/31 10:54:35| aclCheckFast: list: 0xb8875760
>2012/05/31 10:54:35| aclMatchAclList: checking all
>2012/05/31 10:54:35| aclMatchAcl: checking 'acl all src 0.0.0.0/0.0.0.0'
>2012/05/31 10:54:35| aclMatchIp: '10.12.60.60' found
>2012/05/31 10:54:35| aclMatchAclList: returning 1
>2012/05/31 10:54:35| clientNegotiateSSL: Error negotiating SSL connection on FD 72: error:1407609B:SSL routines:SSL23_GET_CLIENT_HELLO:https proxy request (1/-1)
>2012/05/31 10:54:35| aclCheckFast: list: 0xb8875760
>2012/05/31 10:54:35| aclMatchAclList: checking all
>2012/05/31 10:54:35| aclMatchAcl: checking 'acl all src 0.0.0.0/0.0.0.0'
>2012/05/31 10:54:35| aclMatchIp: '10.12.60.60' found
>
>The certificate was self-generated ( openssl req -new -x509 -nodes -keyout server_key.pem -out server_cert.pem ).
>I do not have an official certificate authority. I don't know whether this
>would be the cause of the error, or something else. If there is any way you
>could help me, thank you.
>
>Does anyone have a similar scenario?
>
>Alisson Ceolin
>
>--
>GUS-BR - Grupo de Usuários de Slackware Brasil
>http://www.slackwarebrasil.org/
>http://groups.google.com/group/slack-users-br
>
>Before asking:
>http://www.istf.com.br/perguntas/
>
>To leave the list, send an e-mail to:
>[email protected]

