[squid-users] Some questions about ssl_bump.

Bruce Markey bmarkey at gmail.com
Tue Nov 17 18:46:57 UTC 2015


So I "think" I have squid working with https, but to be honest I'm not
really sure.  Hopefully someone can point me in the right direction.

We're using squid as a transparent NON caching proxy.  It's basically only
there to give us insight into what everyone is using the web for.  From
there we'll do some blacklisting via squidguard.

I'm running CentOS 7, Squid installed via yum.  Squid version 3.3.8.

Here are my questions.

1. If ssl_bump is working correctly what should I be seeing in my
access.log?  Something like this?

1447785601.904 240239 192.168.203.100 TCP_MISS/200 4876 CONNECT 173.194.207.113:443 - HIER_DIRECT/173.194.207.113 -

2. What should ssl_bump be set to?  Right now it's set to ssl_bump none
all.   I don't think I'm seeing the traffic in the logs.  I changed this
and instantly started seeing https in the log BUT could not connect.
Browser errors.  Yes I understand how MITM works but I'm not sure what
exactly I'm supposed to be seeing here.   I assume if this was working
correctly I'd have to push out the self-signed cert I used for squid to
everyone.

3.  I'm not able to block https sites with squidguard.  I think this is due
to my https proxying not being correct.  I'm just not sure what exactly to
look for to troubleshoot.


At the end of the day all I'd like to be able to do is quantify where
people are going, both http and https and to be able to blacklist certain
sites.

Thanks
Bruce



http_port 3128 intercept
https_port 3129 intercept ssl-bump cert=/opt/squid_certs/proxyCA.pem
http_port 9999
wccp_version 4
wccp2_router 192.168.200.73
wccp2_forwarding_method gre
wccp2_return_method gre
wccp2_service standard 0
wccp2_service dynamic 70
wccp2_service_info 70 protocol=tcp flags=src_ip_hash,src_port_alt_hash priority=240 ports=443
# section,level must be one token: "ALL, 1" is parsed as two tokens and leaves the level at 0
debug_options ALL,1

#ssl-bump
ssl_bump none all
sslcrtd_program /usr/lib64/squid/ssl_crtd -s /opt/squid_ssldb/ssl_db -M 40MB

sslcrtd_children 5


#acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl home_network src 192.168.200.0/21
#acl guest_network src 192.168.1.0/24

#Ports allowed through Squid
acl Safe_ports port 80 #http
acl Safe_ports port 443 #https
acl SSL_ports port 443
acl SSL method CONNECT
acl CONNECT method CONNECT

#allow/deny
http_access allow localhost
http_access allow home_network
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny all

#rewrite program squidGuard
url_rewrite_program /usr/bin/squidGuard -c /etc/squid/squidGuard.conf
url_rewrite_children 20
#url_rewrite_concurrency 0


#caching directory
cache deny all

#nameservers
dns_nameservers 192.168.201.1