[squid-users] squid-users Digest, Vol 22, Issue 136
Anand Palani
anand at visolve.com
Tue Jun 28 08:31:35 UTC 2016
Hello,
can you use some IP address instead of domain names (skype.com &
chatapp) for No SSLBUMP.
On 6/28/2016 1:30 PM, squid-users-request at lists.squid-cache.org wrote:
> Send squid-users mailing list submissions to
> squid-users at lists.squid-cache.org
>
> To subscribe or unsubscribe via the World Wide Web, visit
> http://lists.squid-cache.org/listinfo/squid-users
> or, via email, send a message with subject or body 'help' to
> squid-users-request at lists.squid-cache.org
>
> You can reach the person managing the list at
> squid-users-owner at lists.squid-cache.org
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of squid-users digest..."
>
>
> Today's Topics:
>
> 1. Re: squid with HTTPS and some APPs not working (Yuri)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Tue, 28 Jun 2016 14:00:12 +0600
> From: Yuri <yvoinov at gmail.com>
> To: squid-users at lists.squid-cache.org
> Subject: Re: [squid-users] squid with HTTPS and some APPs not working
> Message-ID: <8840f7dd-cf2f-3077-9f44-1446480d5eab at gmail.com>
> Content-Type: text/plain; charset="utf-8"; Format="flowed"
>
>
>
> 28.06.2016 13:39, --Ahmad-- пишет:
>> Hi ,
>> i have squid that is working on 3.5 .
>>
>> traffic of t 80 and 443 traffic to Squid via IPTables.
>>
>> Squid then passes traffic to ClamAV via C-ICAP. Squid is configured to
>> intercept all SSL traffic and PKI has been setup and distributed to
>> all clients.
>>
>> we have a problem in Skype of Business (Office 365) and Slack (Chat
>> app) seems its broken from squid intercept.
>>
>>
>> i tried to do exception for ssl for the domains that shown on the
>> ACCess.log file when i use the APPs , but no luck
>>
>> i tried to execlide the websites below :
>>
>> skype.com <http://skype.com>
>> lync.com
>> todyl.com
>> fastly\.net
>> .slack-msgs.com
>> .amazonaws.com
>> .slack.com <http://slack.com>
>>
>>
>> #########################################################
>> but it still not working and the APPS (( Skype of Business (Office
>> 365) and Slack (Chat app))) are not working .
>>
>> again , here is my nobump file :
>>
>>
>> cat /opt/etc/squid.doms.nobump
>>
>> \.skype\.com$
>> \.lync\.com$
>> \.todyl\.com$
>> \.fastly\.net$
>> \.slack-msgs\.com$
>> \.amazonaws\.com$
>> \.slack\.com$
>>
>> ##############################################################
>>
>> current versions we have :
>>
>> ·Squid 3.5.19
>>
>> ·C-ICAP 0.4.2
>>
>> ·SquidclamAV 6.15
>>
>> ·ClamAV 0.99.2
>>
>> ######################################################################
>>
>> here is squid.conf :
>>
>> # Example rule allowing access from your local networks.
>> # Adapt to list your (internal) IP networks from where browsing
>> # should be allowed
>> acl localnet src 10.0.0.0/8# RFC1918 possible internal network
>>
>> # Example rule allowing access from your local networks.
>> # Adapt localnet in the ACL section to list your (internal) IP networks
>> # from where browsing should be allowed
>> http_access allow localnet
>> http_access allow localhost
>> http_access allow localhost manager
>> http_access deny manager
>>
>> # Squid normally listens to port 3128
>> http_port 3127
>> http_port 3128 intercept
>>
>> # Leave coredumps in the first cache dir
>> coredump_dir /var/cache/squid
>>
>> visible_hostname shield.TodylInc.shield
>>
>> cache_log /opt/var/log/squid/cache_log
>> cache_access_log /opt/var/log/squid/access_log
>>
>> #user and group
>> cache_effective_user squid
>> cache_effective_group squid
>>
>> acl todyl dstdomaintodyl.com <http://todyl.com>
>> request_header_add X-TODYL-GUID 1e46dccd2 todyl
>>
>> #Custom Error Pages
>> error_directory /opt/www/squid
>>
>> # Squid listen Port
>> https_port 3129 intercept ssl-bump generate-host-certificates=on
>> dynamic_cert_mem_cache_size=4MB key=/opt/etc/pki/squid/ca-key.pem
>> cert=/opt/etc/pki/squid/ca.pem options=NO_SSLv2,NO_SSLv3,SINGLE_DH_USE
> Search list "Skype issue" thread, some day ago.
>
>> # SSL Bump Config
>> always_direct allow all
>> ssl_bump server-first all
>> sslcrtd_program /opt/libexec/ssl_crtd -s /opt/lib/ssl_db -M 4MB
>> sslcrtd_children 32 startup=5 idle=1
>>
>> ##############################################
>> acl DiscoverSNIHost at_step SslBump1
>> acl NoSSLIntercept ssl::server_name_regex -i "/opt/etc/squid.doms.nobump"
>> ssl_bump splice NoSSLIntercept
>> ssl_bump peek DiscoverSNIHost
>> ssl_bump bump all
>> ##################
>>
>> #Hardening
>> sslproxy_options NO_SSLv2,NO_SSLv3,SINGLE_DH_USE,SINGLE_ECDH_USE
> # SINGLE_ECDH_USE
> # Enable ephemeral ECDH key exchange.
> # The adopted curve should be specified
> # using the tls-dh option.
>
>
> # tls-dh=[curve:]file
> # File containing DH parameters for temporary/ephemeral DH key
> # exchanges, optionally prefixed by a curve for ephemeral ECDH
> # key exchanges.
> # See OpenSSL documentation for details on how to create the
> # DH parameter file. Supported curves for ECDH can be listed
> # using the "openssl ecparam -list_curves" command.
> # WARNING: EDH and EECDH ciphers will be silently disabled if
> # this option is not set.
>
>> sslproxy_cipher
>> EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS
> # tls-dh=[curve:]file
> # File containing DH parameters for temporary/ephemeral DH key
> # exchanges, optionally prefixed by a curve for ephemeral ECDH
> # key exchanges.
> # See OpenSSL documentation for details on how to create the
> # DH parameter file. Supported curves for ECDH can be listed
> # using the "openssl ecparam -list_curves" command.
> # WARNING: EDH and EECDH ciphers will be silently disabled if
> # this option is not set.
>
>> # TUNING
>> cache_dir aufs /var/cache/squid 40000 16 256
>> store_dir_select_algorithm round-robin
>> minimum_object_size 0 KB
>> maximum_object_size 96 MB
>> memory_pools off
>> quick_abort_min 0 KB
>> quick_abort_max 0 KB
>> log_icp_queries off
>> client_db off
>> cache_mem 1500 MB
>> buffered_logs on
>> half_closed_clients off
>>
>> dns_nameservers 10.192.0.1
>> ##################################################################
>>
>>
>> here is squid -k parse :
>>
>> [root at 1e46dccd2 var]# squid -k parse
>> 2016/06/27 08:06:08| Startup: Initializing Authentication Schemes ...
>> 2016/06/27 08:06:08| Startup: Initialized Authentication Scheme 'basic'
>> 2016/06/27 08:06:08| Startup: Initialized Authentication Scheme 'digest'
>> 2016/06/27 08:06:08| Startup: Initialized Authentication Scheme
>> 'negotiate'
>> 2016/06/27 08:06:08| Startup: Initialized Authentication Scheme 'ntlm'
>> 2016/06/27 08:06:08| Startup: Initialized Authentication.
>> 2016/06/27 08:06:08| Processing Configuration File:
>> /opt/etc/squid.conf (depth 0)
>> 2016/06/27 08:06:08| Processing: acl localnet src 10.0.0.0/8 # RFC1918
>> possible internal network
>> 2016/06/27 08:06:08| Processing: http_access allow localnet
>> 2016/06/27 08:06:08| Processing: http_access allow localhost
>> 2016/06/27 08:06:08| Processing: http_access allow localhost manager
>> 2016/06/27 08:06:08| Processing: http_access deny manager
>> 2016/06/27 08:06:08| Processing: http_port 3127
>> 2016/06/27 08:06:08| Processing: http_port 3128 intercept
>> 2016/06/27 08:06:08| Starting Authentication on port [::]:3128
>> 2016/06/27 08:06:08| Disabling Authentication on port [::]:3128
>> (interception enabled)
>> 2016/06/27 08:06:08| Processing: coredump_dir /var/cache/squid
>> 2016/06/27 08:06:08| Processing: visible_hostname shield.TodylInc.shield
>> 2016/06/27 08:06:08| Processing: cache_log /opt/var/log/squid/cache_log
>> 2016/06/27 08:06:08| Processing: cache_access_log
>> /opt/var/log/squid/access_log
>> 2016/06/27 08:06:08| Processing: cache_effective_user squid
>> 2016/06/27 08:06:08| Processing: cache_effective_group squid
>> 2016/06/27 08:06:08| Processing: acl todyl dstdomain todyl.com
>> <http://todyl.com>
>> 2016/06/27 08:06:08| Processing: request_header_add X-TODYL-GUID
>> 1e46dccd2 todyl
>> 2016/06/27 08:06:08| Processing: error_directory /opt/www/squid
>> 2016/06/27 08:06:08| Processing: https_port 3129 intercept ssl-bump
>> generate-host-certificates=on dynamic_cert_mem_cache_size=4MB
>> key=/opt/etc/pki/squid/ca-key.pem cert=/opt/etc/pki/squid/ca.pem
>> options=NO_SSLv2,NO_SSLv3,SINGLE_DH_USE
>> 2016/06/27 08:06:08| Starting Authentication on port [::]:3129
>> 2016/06/27 08:06:08| Disabling Authentication on port [::]:3129
>> (interception enabled)
>> 2016/06/27 08:06:08| Processing: always_direct allow all
>> 2016/06/27 08:06:08| Processing: ssl_bump server-first all
>> 2016/06/27 08:06:08| Processing: sslcrtd_program /opt/libexec/ssl_crtd
>> -s /opt/lib/ssl_db -M 4MB
>> 2016/06/27 08:06:08| Processing: sslcrtd_children 32 startup=5 idle=1
>> 2016/06/27 08:06:08| Processing: acl DiscoverSNIHost at_step SslBump1
>> 2016/06/27 08:06:08| Processing: acl NoSSLIntercept
>> ssl::server_name_regex -i "/opt/etc/squid.doms.nobump"
>> 2016/06/27 08:06:08| Processing: ssl_bump splice NoSSLIntercept
>> 2016/06/27 08:06:08| Processing: ssl_bump peek DiscoverSNIHost
>> 2016/06/27 08:06:08| Processing: ssl_bump bump all
>> 2016/06/27 08:06:08| Processing: sslproxy_options
>> NO_SSLv2,NO_SSLv3,SINGLE_DH_USE,SINGLE_ECDH_USE
>> 2016/06/27 08:06:08| Processing: sslproxy_cipher
>> EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS
>> 2016/06/27 08:06:08| Processing: cache_dir aufs /var/cache/squid 40000
>> 16 256
>> 2016/06/27 08:06:08| Processing: store_dir_select_algorithm round-robin
>> 2016/06/27 08:06:08| Processing: minimum_object_size 0 KB
>> 2016/06/27 08:06:08| Processing: maximum_object_size 96 MB
>> 2016/06/27 08:06:08| Processing: memory_pools off
>> 2016/06/27 08:06:08| Processing: quick_abort_min 0 KB
>> 2016/06/27 08:06:08| Processing: quick_abort_max 0 KB
>> 2016/06/27 08:06:08| Processing: log_icp_queries off
>> 2016/06/27 08:06:08| Processing: client_db off
>> 2016/06/27 08:06:08| Processing: cache_mem 1500 MB
>> 2016/06/27 08:06:08| Processing: buffered_logs on
>> 2016/06/27 08:06:08| Processing: half_closed_clients off
>> 2016/06/27 08:06:08| Processing: dns_nameservers 10.192.0.1
>> 2016/06/27 08:06:08| Initializing https proxy context
>> 2016/06/27 08:06:08| Initializing https_port [::]:3129 SSL context
>> 2016/06/27 08:06:08| Using certificate in /opt/etc/pki/squid/ca.pem
>> —————————————————————————————————
>>
>>
>>
>> here is access.log
>>
>>
>> 1467029265.989 50 10.192.0.12 TAG_NONE/200 0 CONNECT
>> 52.84.29.139:443 - ORIGINAL_DST/52.84.29.139 -
>> 1467029265.999 59 10.192.0.12 TAG_NONE/200 0 CONNECT
>> 52.84.29.139:443 - ORIGINAL_DST/52.84.29.139 -
>> 1467029266.070 59 10.192.0.12 TCP_MISS/200 13171 GET
>> https://slack.com/help/test - ORIGINAL_DST/52.84.29.139 text/html
>> 1467029266.222 53 10.192.0.12 TAG_NONE/200 0 CONNECT
>> 172.217.5.14:443 - ORIGINAL_DST/172.217.5.14 -
>> 1467029266.234 66 10.192.0.12 TCP_MISS/200 598 GET
>> https://slack.com/beacon/track/? - ORIGINAL_DST/52.84.29.139 image/gif
>> 1467029266.274 26 10.192.0.12 TCP_MISS/200 557 GET
>> https://www.google-analytics.com/r/collect? -
>> ORIGINAL_DST/172.217.5.14 image/gif
>> 1467029266.314 66 10.192.0.12 TAG_NONE/200 0 CONNECT
>> 169.54.33.172:443 - ORIGINAL_DST/169.54.33.172 -
>> 1467029266.368 21 10.192.0.12 TCP_MISS/200 547 GET
>> https://api.mixpanel.com/track/? - ORIGINAL_DST/169.54.33.172
>> application/json
>> 1467029266.469 42 10.192.0.12 TAG_NONE/200 0 CONNECT
>> 199.27.76.249:443 - ORIGINAL_DST/199.27.76.249 -
>> 1467029266.722 231 10.192.0.12 TCP_MISS/200 11968 GET
>> https://slack.global.ssl.fastly.net/beacons/boomerang1/image-0.png? -
>> ORIGINAL_DST/199.27.76.249 image/png
>> 1467029267.044 303 10.192.0.12 TAG_NONE/200 0 CONNECT
>> 54.231.161.8:443 - ORIGINAL_DST/54.231.161.8 -
>> 1467029267.231 170 10.192.0.12 TCP_MISS/200 11994 GET
>> https://s3-us-west-2.amazonaws.com/slack-files2/beacons/boomerang1/image-0.png?
>> - ORIGINAL_DST/54.231.161.8 image/png
>> 1467029267.482 145 10.192.0.12 TAG_NONE/200 0 CONNECT
>> 54.172.232.15:443 - ORIGINAL_DST/54.172.232.15 -
>> 1467029267.563 63 10.192.0.12 TCP_MISS_ABORTED/000 0 GET
>> https://mpmulti-y6oq.slack-msgs.com/websocket/_CONNECTION_TEST_TOKEN_
>> - ORIGINAL_DST/54.172.232.15 -
>> 1467029267.771 167 10.192.0.12 TAG_NONE/200 0 CONNECT
>> 52.91.147.164:443 - ORIGINAL_DST/52.91.147.164 -
>> 1467029267.891 110 10.192.0.12 TCP_MISS_ABORTED/000 0 GET
>> https://mpmulti-f4bz.slack-msgs.com/websocket/_CONNECTION_TEST_TOKEN_
>> - ORIGINAL_DST/52.91.147.164 -
>> 1467029268.106 153 10.192.0.12 TAG_NONE/200 0 CONNECT
>> 52.23.253.30:443 - ORIGINAL_DST/52.23.253.30 -
>> 1467029268.194 79 10.192.0.12 TCP_MISS_ABORTED/000 0 GET
>> https://mpmulti-zdjz.slack-msgs.com/websocket/_CONNECTION_TEST_TOKEN_
>> - ORIGINAL_DST/52.23.253.30 -
>> 1467029268.449 160 10.192.0.12 TAG_NONE/200 0 CONNECT
>> 52.201.253.102:443 - ORIGINAL_DST/52.201.253.102 -
>> 1467029268.567 110 10.192.0.12 TCP_MISS_ABORTED/000 0 GET
>> https://mpmulti-2pbf.slack-msgs.com/websocket/_CONNECTION_TEST_TOKEN_
>> - ORIGINAL_DST/52.201.253.102 -
>> 1467029268.764 149 10.192.0.12 TAG_NONE/200 0 CONNECT
>> 52.91.121.224:443 - ORIGINAL_DST/52.91.121.224 -
>> 1467029268.845 74 10.192.0.12 TCP_MISS_ABORTED/000 0 GET
>> https://mpmulti-x1if.slack-msgs.com/websocket/_CONNECTION_TEST_TOKEN_
>> - ORIGINAL_DST/52.91.121.224 -
>> 1467029268.967 108 10.192.0.12 TCP_MISS/200 516 GET
>> https://slack.global.ssl.fastly.net/beacons/boomerang1/image-l.gif? -
>> ORIGINAL_DST/199.27.76.249 image/gif
>> 1467029269.169 187 10.192.0.12 TCP_MISS/200 517 GET
>> https://slack.global.ssl.fastly.net/beacons/boomerang1/image-l.gif? -
>> ORIGINAL_DST/199.27.76.249 image/gif
>> 1467029269.285 101 10.192.0.12 TCP_MISS/200 516 GET
>> https://slack.global.ssl.fastly.net/beacons/boomerang1/image-l.gif? -
>> ORIGINAL_DST/199.27.76.249 image/gif
>> 1467029269.467 167 10.192.0.12 TCP_MISS/200 517 GET
>> https://slack.global.ssl.fastly.net/beacons/boomerang1/image-l.gif? -
>> ORIGINAL_DST/199.27.76.249 image/gif
>> 1467029269.643 160 10.192.0.12 TCP_MISS/200 517 GET
>> https://slack.global.ssl.fastly.net/beacons/boomerang1/image-l.gif? -
>> ORIGINAL_DST/199.27.76.249 image/gif
>> 1467029269.824 165 10.192.0.12 TCP_MISS/200 517 GET
>> https://slack.global.ssl.fastly.net/beacons/boomerang1/image-l.gif? -
>> ORIGINAL_DST/199.27.76.249 image/gif
>> 1467029270.004 164 10.192.0.12 TCP_MISS/200 517 GET
>> https://slack.global.ssl.fastly.net/beacons/boomerang1/image-l.gif? -
>> ORIGINAL_DST/199.27.76.249 image/gif
>> 1467029270.186 165 10.192.0.12 TCP_MISS/200 517 GET
>> https://slack.global.ssl.fastly.net/beacons/boomerang1/image-l.gif? -
>> ORIGINAL_DST/199.27.76.249 image/gif
>> 1467029270.295 94 10.192.0.12 TCP_MISS/200 516 GET
>> https://slack.global.ssl.fastly.net/beacons/boomerang1/image-l.gif? -
>> ORIGINAL_DST/199.27.76.249 image/gif
>> 1467029270.489 173 10.192.0.12 TCP_MISS/200 517 GET
>> https://slack.global.ssl.fastly.net/beacons/boomerang1/image-l.gif? -
>> ORIGINAL_DST/199.27.76.249 image/gif
>> 1467029270.656 151 10.192.0.12 TCP_MISS_ABORTED/000 0 GET
>> https://slack.global.ssl.fastly.net/beacons/boomerang1/image-0.png? -
>> ORIGINAL_DST/199.27.76.249 -
>> 1467029273.699 57 10.192.0.12 TCP_MISS/200 951 GET
>> http://lyncdiscover.todyl.com/? - ORIGINAL_DST/131.253.163.205
>> application/vnd.microsoft.rtc.autodiscover+xml
>> 1467029273.713 72 10.192.0.12 TAG_NONE/200 0 CONNECT
>> 131.253.163.205:443 - ORIGINAL_DST/131.253.163.205 -
>> 1467029273.797 73 10.192.0.12 TAG_NONE/200 0 CONNECT
>> 131.253.161.142:443 - ORIGINAL_DST/131.253.161.142 -
>> 1467029273.874 70 10.192.0.12 TCP_MISS/200 1453 GET
>> https://webdir2a.online.lync.com/Autodiscover/AutodiscoverService.svc/root?
>> - ORIGINAL_DST/131.253.161.142
>> application/vnd.microsoft.rtc.autodiscover+xml
>> 1467029273.952 74 10.192.0.12 TAG_NONE/200 0 CONNECT
>> 131.253.161.142:443 - ORIGINAL_DST/131.253.161.142 -
>> 1467029273.985 25 10.192.0.12 TCP_MISS/401 2206 GET
>> https://webdir2a.online.lync.com/Autodiscover/AutodiscoverService.svc/root/user?
>> - ORIGINAL_DST/131.253.161.142 text/html
>> 1467029274.077 76 10.192.0.12 TAG_NONE/200 0 CONNECT
>> 131.253.161.142:443 - ORIGINAL_DST/131.253.161.142 -
>> 1467029274.217 132 10.192.0.12 TCP_MISS/200 18842 POST
>> https://webdir2a.online.lync.com/WebTicket/WebTicketService.svc/mex -
>> ORIGINAL_DST/131.253.161.142 application/soap+xml
>> 1467029274.430 152 10.192.0.12 TAG_NONE/200 0 CONNECT
>> 23.96.208.238:443 - ORIGINAL_DST/23.96.208.238 -
>> 1467029274.631 180 10.192.0.12 TCP_MISS/200 16835 POST
>> https://login.microsoftonline.com/RST2.srf -
>> ORIGINAL_DST/23.96.208.238 application/soap+xml
>> 1467029274.720 75 10.192.0.12 TAG_NONE/200 0 CONNECT
>> 131.253.161.142:443 - ORIGINAL_DST/131.253.161.142 -
>> 1467029274.858 131 10.192.0.12 TCP_MISS/200 6107 POST
>> https://webdir2a.online.lync.com/WebTicket/WebTicketAdvancedService.svc/WsFed_bearer
>> - ORIGINAL_DST/131.253.161.142 text/xml
>> 1467029274.936 73 10.192.0.12 TAG_NONE/200 0 CONNECT
>> 131.253.161.142:443 - ORIGINAL_DST/131.253.161.142 -
>> 1467029274.998 55 10.192.0.12 TCP_MISS/200 2507 GET
>> https://webdir2a.online.lync.com/Autodiscover/AutodiscoverService.svc/root/user?
>> - ORIGINAL_DST/131.253.161.142
>> application/vnd.microsoft.rtc.autodiscover+xml
>> 1467029275.099 72 10.192.0.12 TAG_NONE/200 0 CONNECT
>> 131.253.161.139:443 - ORIGINAL_DST/131.253.161.139 -
>> 1467029275.216 70 10.192.0.12 TAG_NONE/200 0 CONNECT
>> 131.253.161.147:443 - ORIGINAL_DST/131.253.161.147 -
>> 1467029275.524 107 10.192.0.12 TAG_NONE/200 0 CONNECT
>> 134.170.113.218:443 - ORIGINAL_DST/134.170.113.218 -
>> 1467029279.731 24 10.192.0.12 TCP_MISS/200 951 GET
>> http://lyncdiscover.todyl.com/? - ORIGINAL_DST/131.253.163.205
>> application/vnd.microsoft.rtc.autodiscover+xml
>> 1467029279.778 71 10.192.0.12 TAG_NONE/200 0 CONNECT
>> 131.253.163.205:443 - ORIGINAL_DST/131.253.163.205 -
>> 1467029279.814 76 10.192.0.12 TAG_NONE/200 0 CONNECT
>> 131.253.161.142:443 - ORIGINAL_DST/131.253.161.142 -
>> 1467029279.847 27 10.192.0.12 TCP_MISS/200 1453 GET
>> https://webdir2a.online.lync.com/Autodiscover/AutodiscoverService.svc/root?
>> - ORIGINAL_DST/131.253.161.142
>> application/vnd.microsoft.rtc.autodiscover+xml
>> 1467029279.922 70 10.192.0.12 TAG_NONE/200 0 CONNECT
>> 131.253.161.142:443 - ORIGINAL_DST/131.253.161.142 -
>> 1467029279.952 24 10.192.0.12 TCP_MISS/401 2206 GET
>> https://webdir2a.online.lync.com/Autodiscover/AutodiscoverService.svc/root/user?
>> - ORIGINAL_DST/131.253.161.142 text/html
>> 1467029280.032 73 10.192.0.12 TAG_NONE/200 0 CONNECT
>> 131.253.161.142:443 - ORIGINAL_DST/131.253.161.142 -
>> 1467029280.092 54 10.192.0.12 TCP_MISS/200 2507 GET
>> https://webdir2a.online.lync.com/Autodiscover/AutodiscoverService.svc/root/user?
>> - ORIGINAL_DST/131.253.161.142
>> application/vnd.microsoft.rtc.autodiscover+xml
>> 1467029280.180 73 10.192.0.12 TAG_NONE/200 0 CONNECT
>> 131.253.161.139:443 - ORIGINAL_DST/131.253.161.139 -
>> 1467029280.270 73 10.192.0.12 TAG_NONE/200 0 CONNECT
>> 131.253.161.147:443 - ORIGINAL_DST/131.253.161.147 -
>> 1467029280.396 107 10.192.0.12 TAG_NONE/200 0 CONNECT
>> 134.170.113.218:443 - ORIGINAL_DST/134.170.113.218 -
>> 1467029287.555 75 10.192.0.12 TAG_NONE/200 0 CONNECT
>> 157.55.133.204:443 - ORIGINAL_DST/157.55.133.204 -
>> 1467029287.673 92 10.192.0.12 TAG_NONE/200 0 CONNECT
>> 157.55.133.204:443 - ORIGINAL_DST/157.55.133.204 -
>> 1467029287.681 41 10.192.0.12 TCP_MISS/200 607 GET
>> http://login.live.com/ppcrlcheck.srf - ORIGINAL_DST/131.253.61.68
>> text/html
>> 1467029287.729 41 10.192.0.12 TAG_NONE/200 0 CONNECT
>> 157.55.133.204:443 - ORIGINAL_DST/157.55.133.204 -
>> 1467029287.784 46 10.192.0.12 TAG_NONE/200 0 CONNECT
>> 157.55.133.204:443 - ORIGINAL_DST/157.55.133.204 -
>> 1467029287.801 92 10.192.0.12 TAG_NONE/200 0 CONNECT
>> 131.253.61.68:443 - ORIGINAL_DST/131.253.61.68 -
>> 1467029287.859 61 10.192.0.12 TAG_NONE/200 0 CONNECT
>> 157.55.133.204:443 - ORIGINAL_DST/157.55.133.204 -
>> 1467029287.926 52 10.192.0.12 TAG_NONE/200 0 CONNECT
>> 157.55.133.204:443 - ORIGINAL_DST/157.55.133.204 -
>> 1467029287.964 134 10.192.0.12 TCP_MISS/200 10828 POST
>> https://login.live.com/RST2.srf - ORIGINAL_DST/131.253.61.68
>> application/soap+xml
>> 1467029287.998 56 10.192.0.12 TAG_NONE/200 0 CONNECT
>> 157.55.133.204:443 - ORIGINAL_DST/157.55.133.204 -
>> 1467029288.051 40 10.192.0.12 TAG_NONE/200 0 CONNECT
>> 157.55.133.204:443 - ORIGINAL_DST/157.55.133.204 -
>> 1467029288.204 46 10.192.0.12 TCP_MISS/302 538 GET
>> http://go.microsoft.com/fwlink/? - ORIGINAL_DST/23.66.120.244 -
>> 1467029288.389 147 10.192.0.12 TCP_MISS/302 1786 GET
>> http://www.microsoft.com/security/encyclopedia/adlpackages.aspx? -
>> ORIGINAL_DST/23.203.90.59 text/html
>> 1467029288.422 48 10.192.0.12 TAG_NONE/200 0 CONNECT
>> 13.90.208.215:443 - ORIGINAL_DST/13.90.208.215 -
>> 1467029288.882 311 10.192.0.12 TAG_NONE/200 0 CONNECT
>> 104.41.32.78:443 - ORIGINAL_DST/104.41.32.78 -
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> Any Help ????
> Finally. Where is you specify following parameters in squid.conf:
>
> sslproxy_cafile /usr/local/squid/etc/ca-bundle.crt
> sslproxy_foreign_intermediate_certs /usr/local/squid/etc/intermediate_ca.pem
>
> ???
>
>> *
>> *
>>
>>
>> _______________________________________________
>> squid-users mailing list
>> squid-users at lists.squid-cache.org
>> http://lists.squid-cache.org/listinfo/squid-users
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20160628/91929761/attachment.html>
>
> ------------------------------
>
> Subject: Digest Footer
>
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>
>
> ------------------------------
>
> End of squid-users Digest, Vol 22, Issue 136
> ********************************************
More information about the squid-users
mailing list