[squid-users] Squid 4.6 Transparent HTTP & HTTPS Proxy

tester100 portalnet2 at outlook.com.br
Sat Apr 13 13:40:52 UTC 2019


Hiya

i am trying to compile squid 4.6 also with the same configure as shown here
but its giving me error on the enable-ssl  option..


I have managed to compile it without the --enable-ssl function, but then
again

in the ssl_crtd files  there is no files generated therefore it shows the
following error


/etc/squid/ssl_certs# /usr/lib/squid/ssl_crtd: No such file or directory
bash: /usr/lib/squid/ssl_crtd:: No such file or directory



dkanejs wrote
> Thanks for the reply and apologies my post didn't include the HTML
> fragments:
> 
> Configuration:
> 
> ./configure \
>     --enable-ssl \
>     --enable-ssl-crtd \
>     --with-openssl \
>     --disable-arch-native \
>     --prefix=/usr \
>     --localstatedir=/var \
>     --sysconfdir=/etc/squid \
>     --libexecdir=/usr/lib/squid \
>     --datadir=/usr/share/squid \
>     --with-default-user=proxy \
>     --with-logdir=/var/log/squid \
>     --with-pidfile=/var/run/squid.pid
> 
> Squid configuration:
> 
> visible_hostname squid
> http_port 3128
> acl whitelist dstdomain .example.com
> http_access allow whitelist
> https_port 3129 cert=/etc/squid/squid.pem
> options=NO_SSLv2,NO_SSLv3,NO_TLSv1,NO_TLSv1_1,NO_TICKET 
> cipher=HIGH:MEDIUM:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS
> ssl-bump intercept
> acl SSL_port port 443
> http_access allow SSL_port
> acl CONNECT method CONNECT
> acl step1 at_step SslBump1
> acl step2 at_step SslBump2
> acl step3 at_step SslBump3
> ssl_bump peek step1 all
> ssl_bump peek step2 whitelist
> ssl_bump splice step3 whitelist
> ssl_bump terminate step2 all
> http_access deny all
> coredump_dir /var/cache/squid/
> 
> iptables:
> 
> iptables -t nat -I PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 3128
> iptables -t nat -I PREROUTING -p tcp --dport 443 -j REDIRECT --to-port
> 3129
> 
> Access log:
> 
> 1551954200.914     54 10.0.1.166 NONE_ABORTED/200 0 CONNECT
> 93.184.216.34:443 - HIER_NONE/- -
> 1551954214.370      0 10.0.1.166 NONE/400 3810 GET / - HIER_NONE/-
> text/html
> 1551954217.223      0 10.0.1.166 NONE/400 3810 GET / - HIER_NONE/-
> text/html
> 1551954256.558      0 10.0.1.166 NONE/400 3810 GET / - HIER_NONE/-
> text/html
> 1551954261.638      0 10.0.1.166 NONE/400 3810 GET / - HIER_NONE/-
> text/html
> 1551954273.516    215 10.0.1.166 NONE_ABORTED/200 0 CONNECT
> 93.184.216.34:443 - HIER_NONE/- -
> 1551954391.304      1 185.59.221.44 NONE_ABORTED/200 0 CONNECT
> 10.0.0.151:443 - HIER_NONE/- -
> 1551954395.346      0 185.59.221.44 NONE_ABORTED/200 0 CONNECT
> 10.0.0.151:443 - HIER_NONE/- -
> 1551954398.938      0 185.59.221.44 NONE_ABORTED/200 0 CONNECT
> 10.0.0.151:443 - HIER_NONE/- -
> 
> Thanks again,
> David
> 
> 
> 
> --
> Sent from:
> http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-Users-f1019091.html
> _______________________________________________
> squid-users mailing list

> squid-users at .squid-cache

> http://lists.squid-cache.org/listinfo/squid-users





--
Sent from: http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-Users-f1019091.html


More information about the squid-users mailing list