[squid-users] Help with HTTPS SQUID 3.1.23

Anderson Rosario andersonrosario2 at gmail.com
Wed Jun 26 13:29:21 UTC 2019


I cannot access HTTPS sites. Three weeks ago it was working fine; without
any change to the topology, updates or config, it stopped, and it is no
longer working with HTTPS sites. The page keeps loading and then I receive
this message from the browsers: "The connection to the server was reset
while the page was loading."

*Here is my squid config:*

#
# Recommended minimum configuration:


#
# NOTE(review): the subject line gives Squid 3.1.23. That release series no
# longer receives upstream security fixes; plan an upgrade independently of
# the HTTPS problem described above.
visible_hostname proxy.local.local

# Stock ACLs: cache-manager protocol, loopback sources, loopback destinations.
# NOTE(review): to_localhost is defined but no http_access line in this file
# references it. The stock configuration suggests "http_access deny to_localhost"
# to protect services on the proxy host that trust loopback callers.
acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1

# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
# NOTE(review): localnet is defined below but never used by any http_access
# line in this file, so the rules shown do not restrict clients by source
# address; only the LDAP group checks apply.
# NOTE(review): the bare word "machines" after the fe80::/10 line is the tail
# of that comment, split by the mail client's line wrapping. In the real
# squid.conf it has to stay on the comment line.
#acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/23 # RFC1918 possible internal network
acl localnet src 192.168.0.0/23
#acl localnet src fc00::/7       # RFC 4193 local private network range
#acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged)
machines

# Destination ports. SSL_ports is the only port CONNECT tunnels may target
# (enforced by "http_access deny CONNECT !SSL_ports"); Safe_ports bounds every
# request (enforced by "http_access deny !Safe_ports").
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 85 # added port
acl Safe_ports port 883 # added port
# NOTE(review): 5222 already falls inside the 1025-65535 range listed further
# down, so this entry is redundant.
acl Safe_ports port 5222 # added port
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
# No listen address is given, so the proxy accepts connections on port 3128 on
# every interface of the host.
# NOTE(review): together with the unused localnet ACL this means any client
# that can reach port 3128 is offered authentication; restrict by firewall or
# add a source-address check ahead of the group rules.
http_port 3128

######### AD AUTH ###########
# Basic proxy authentication, verified by the squid_ldap_auth helper against
# the directory at 192.168.0.213: bind as the cn=squid service account (-D/-w),
# search under dc=local,dc=LOCAL (-b) for sAMAccountName=<login> (-f), and do
# not follow referrals (-R).
# NOTE(review): the bind password is given with -w on the helper command line,
# so it is readable in squid.conf and in the process list, and it has now been
# posted to a public mailing list. Treat it as exposed: change it, and prefer
# -W <secretfile> with a file readable only by the Squid user.
# NOTE(review): neither -Z nor an ldaps URI is given, so the service-account
# bind and the users' passwords presumably reach the directory unencrypted.
# Confirm, and enable TLS towards the directory.
# NOTE(review): Basic auth sends the user's Windows password base64-encoded
# with every request to the plain-text http_port, so it is readable on the
# network path between client and proxy.
# (In squid.conf this directive is one line; the mail client wrapped it here.)
auth_param basic program /usr/lib/squid/squid_ldap_auth -R -b
"dc=local,dc=LOCAL" -D "cn=squid,ou=proxy,dc=local,dc=LOCAL" -w "123456" -f
sAMAccountName=%s -h 192.168.0.213

# Five helper processes; realm text shown in the browser's login prompt;
# a verified username/password pair is reused for one hour before re-checking.
auth_param basic children 5
auth_param basic realm Inserte su usuario de Windows para navegar
auth_param basic credentialsttl 1 hour

# External ACL helper "ldap_group": given the authenticated login (%LOGIN) and
# a group name, it searches for a person whose sAMAccountName is the login (%v)
# and who is memberof cn=<group> (%a) under ou=proxy,dc=local,dc=LOCAL.
# NOTE(review): same service account, same command-line password and same
# unencrypted-LDAP concern as the auth helper above.
# (Also a single line in squid.conf; wrapped by the mail client.)
external_acl_type ldap_group %LOGIN /usr/lib/squid/squid_ldap_group -R -b
"dc=local,dc=LOCAL" -D "cn=squid,ou=proxy,dc=local,dc=LOCAL" -w "123456" -f
"(&(objectclass=person)
(sAMAccountName=%v)(memberof=cn=%a,ou=proxy,dc=local,dc=LOCAL))" -h
192.168.0.213
##############################

###### ACLs that define the groups ######
# Each nivelN ACL asks the ldap_group external helper whether the
# authenticated user belongs to the directory group of the same name.
# Because the helper is keyed on %LOGIN, evaluating any of these ACLs
# requires proxy authentication first.
acl nivel0 external ldap_group nivel0
acl nivel1 external ldap_group nivel1
acl nivel2 external ldap_group nivel2
acl nivel3 external ldap_group nivel3
acl nivel4 external ldap_group nivel4
acl nivel5 external ldap_group nivel5
acl nivel6 external ldap_group nivel6

#########################################

###### Custom ACLs ######
# The multi-line ACLs below are single lines in squid.conf; the mail client
# wrapped them, which also split some leading dots from their domain names
# (". listindiario.com" is ".listindiario.com" in the real file).
#
# NOTE(review): url_regex patterns are unanchored, case-insensitive (-i)
# matches against the whole URL. Short tokens such as "ars", "tss", "mail",
# "accounts" or "sex" therefore match any URL that merely contains those
# letters, which makes block lists over-block and allow lists over-allow.
# Prefer dstdomain for site names and keep url_regex for real patterns.
# NOTE(review): for HTTPS through this proxy Squid only sees the request
# "CONNECT host:443", never the path, so the file-extension patterns
# (\.jpg$, \.exe$, ...) cannot match HTTPS downloads.

# rule1: the allow list for group nivel1 (used as "deny nivel1 !rule1").
# NOTE(review): being substring matches, the bare words and the \.jpg$ entry
# make this list far broader than the sites it names.
acl rule1 url_regex -i ars humano senasa universal arsuniversal google.com
google.com.do universal.com.do .tss.gov.do tss tss.gov.do banreservas
banreservas.com universal.com arshumano arshumano.com consultascuentas
consultascuentas.arshumano.com banreservas.com.do \.jpg$

# rule2: destination domains blocked for group nivel2.
acl rule2 dstdomain .facebook.com .youtube.com .rdmusica.com .
listindiario.com .diariolibre.com .hotmail.com .outlook.com .yahoo.com .
mlb.com .espn.com .bleacherreport.com .lamega.com .espn.go.com .
espndeportes.com mail.google.com .twitter.com .hi5.com .freakshare.com .
bitshare.com .seriespepito.com .seriales.com .cuevana.tv .rapidshare.com .
supercarros.com .chatango.com .blogger.com .videobb.com .gmail.com

# rule3: destination domains blocked for group nivel3.
# NOTE(review): "seriespepito.com" has no leading dot here (rule2 has one), so
# only that exact host name matches, not its subdomains.
acl rule3 dstdomain .youtube.com .mlb.com .espn.com .bleacherreport.com .
lamega.com .espn.go.com .espndeportes.com       seriespepito.com .
seriales.com .cuevana.tv .rapidshare.com .supercarros.com .chatango.com .
blogger.com .videobb.com .sex.com .xxx.com .facebook.com

# desc1: file extensions and keywords blocked for group nivel1.
acl desc1 url_regex -i \.avi$ \.mov$ \.rar$ \.qt$ \.mpe$ \.mpeg$ \.mpg$
\.ief$ \.wav$ \.mp3$ \.mp4$ \.tar$ \.rpm$ \.zip$ \.gtar$ \.exe$ \.movie$
\.midi$ \.mid$ \.kar$ \.java$ \.dir$ sex lesbian porn porno xxx

# rule7 / desc7: webmail and account sites, blocked for nivel1, nivel2 and
# nivel3 by domain (rule7) and by URL keyword (desc7).
acl rule7 dstdomain .facebook.com .hotmail.com mail.google.com .gmail.com .
yahoo.com .yahoo.es accounts.google.com

acl desc7 url_regex -i accounts gmail mail accounts.google.com

# desc2: file extensions and keywords blocked for group nivel2.
acl desc2 url_regex -i \.avi$ \.mov$ \.rar$ \.qt$ \.mpe$ \.mpeg$ \.mpg$
\.jpe$ \.jpg$ \.jpeg$ \.ief$ \.bmp$ \.wav$ \.mp3$ \.mp4$ \.tar$ \.rpm$
\.zip$ \.gtar$ \.exe$ \.movie$ \.midi$ \.mid$ \.kar$ \.dir$ \.png$ sex
lesbian porn porno

# desc3: file extensions and keywords blocked for group nivel3.
acl desc3 url_regex -i \.avi$ \.mov$ \.qt$ \.ief$  \.wav$ \.mp3$ \.mp4$
\.tar$ \.rpm$ \.gtar$ \.exe$ \.movie$ \.midi$ \.mid$ \.kar$  \.dir$ \.bmp$
\.java$ \.png$ \.mpe$ \.mpeg$ \.mpg$  lesbian porn porno xxx

# desc4: defined here but not referenced by any http_access line in this file.
# NOTE(review): "\.rpm$\.gtar$" is missing the space between two patterns; as
# one token it appears unable to match anything, so neither .rpm nor .gtar
# would be covered by this ACL.
acl desc4 url_regex -i \.avi$ \.png$  \.java$ \.mpe$ \.mpeg$ \.mpg$ \.mov$
\.qt$  \.rpm$\.gtar$ \.exe$ \.movie$ \.dir$ \.rar$ sex lesbian porn porno
#########################

###### Access rules ######
# http_access lines are evaluated top to bottom; the first line whose ACLs all
# match decides the request.

# Stock port guards: refuse requests to ports outside Safe_ports, and refuse
# CONNECT tunnels to any port other than 443.
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports


#
# Group policy. The nivelN ACLs need a username, so a request without proxy
# credentials is challenged for Basic auth at the first of these lines.
#   nivel6, nivel5, nivel4: allowed without content restrictions.
#   nivel3: allowed unless rule3, desc3, rule7 or desc7 matches.
#   nivel2: allowed unless rule2, desc2, rule7 or desc7 matches.
#   nivel1: denied unless the URL matches rule1; then allowed unless desc1,
#           rule7 or desc7 matches.
#   nivel0 and everyone else: denied.
# NOTE(review): HTTPS requests arrive as "CONNECT host:443", so the url_regex
# ACLs are tested against the host name and port only; filtering of HTTPS is
# in practice limited to the dstdomain lists and host-name keywords.
# NOTE(review): to tell a policy denial from a network-level failure when
# HTTPS stalls, check the CONNECT entries and their result codes in access.log.
http_access allow nivel6
http_access allow nivel5
http_access allow nivel4
http_access allow nivel3 !rule3 !desc3 !rule7 !desc7
http_access allow nivel2 !rule2 !desc2 !rule7 !desc7
http_access deny nivel1 !rule1
http_access allow nivel1 !desc1 !rule7 !desc7
http_access deny nivel0
# NOTE(review): this catch-all ends the list. Any http_access line placed
# after it, including the cache-manager rules further down, is never evaluated.
http_access deny all
##############################


# Recommended minimum Access Permission configuration:
#
# Only allow cachemgr access from localhost
# NOTE(review): these two lines come after "http_access deny all", so they are
# never reached. Cache-manager requests are decided by the group rules above
# instead of being limited to localhost, which is presumably not intended.
# Move both lines above the group rules.
http_access allow manager localhost
http_access deny manager

# We recommend you to use at least the following line.
# (Stock setting: URLs containing "cgi-bin" or "?" are fetched directly
# rather than through cache peers.)
hierarchy_stoplist cgi-bin ?

# Uncomment and adjust the following to add a disk cache directory.
#cache_dir ufs /var/spool/squid 100 16 256

# Leave coredumps in the first cache dir
coredump_dir /var/spool/squid

# Add any of your own refresh_pattern entries above these.
# Stock freshness rules: each line is "pattern min percent max" (minutes);
# dynamic URLs (cgi-bin or a query string) are never treated as fresh.
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320