<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 TRANSITIONAL//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; CHARSET=UTF-8">
<META NAME="GENERATOR" CONTENT="GtkHTML/4.6.6">
</HEAD>
<BODY>
Hey all.<BR>
<BR>
Topic says it... I'm running squid-3.5.3-20150420-r13802 and wanted to see if there's anything glaring that I'm missing or have misconfigured. My setup: squid is running on a router with one NIC external and one NIC internal. It is running as a transparent proxy, with iptables doing a redirect to ports 3128 and 3129. Config below:<BR>
<BR>
#############################################################<BR>
acl localnet src 192.168.1.0/24<BR>
<BR>
acl SSL_ports port 443<BR>
acl Safe_ports port 80 # http<BR>
acl Safe_ports port 443 # https<BR>
<BR>
acl CONNECT method CONNECT<BR>
acl broken_sites dst 96.16.0.0/15<BR>
<others redacted><BR>
acl broken_sites dst 54.160.0.0/12<BR>
acl allowed_sites url_regex "/opt/etc/squid/url.txt"<BR>
acl all_others dst all<BR>
acl SSL method CONNECT<BR>
<BR>
<BR>
http_access deny !Safe_ports<BR>
http_access deny CONNECT !SSL_ports<BR>
<BR>
http_access allow manager localhost<BR>
http_access deny manager<BR>
<BR>
http_access allow allowed_sites<BR>
http_access allow broken_sites<BR>
<BR>
http_access deny all_others <BR>
http_access allow localnet<BR>
http_access allow localhost<BR>
<BR>
http_access deny all<BR>
icp_access deny all<BR>
<BR>
<BR>
sslproxy_cert_error allow broken_sites<BR>
sslproxy_cert_error deny all<BR>
<BR>
sslproxy_options ALL<BR>
acl p3129 myportname 3129<BR>
acl step1 at_step SslBump1<BR>
ssl_bump peek step1<BR>
#ssl_bump splice broken_sites<BR>
ssl_bump bump p3129<BR>
<BR>
<BR>
http_port 192.168.1.253:3128 intercept <BR>
https_port 192.168.1.253:3129 intercept ssl-bump cert=/opt/sslsplit/sslsplit.crt key=/opt/sslsplit/sslsplitca.key cafile=/opt/sslsplit/sslsplitca.pem generate-host-certificates=on dynamic_cert_mem_cache_size=4MB sslflags=NO_SESSION_REUSE<BR>
<BR>
always_direct allow all<BR>
<BR>
logformat common %>a %[ui %[un [%tl] "%rm %ru HTTP/%rv" %>Hs %<st %Ss:%Sh %ssl::>cert_subject<BR>
<BR>
access_log syslog:daemon.info common<BR>
<BR>
refresh_pattern ^ftp: 1440 20% 10080<BR>
refresh_pattern ^gopher: 1440 0% 1440<BR>
refresh_pattern -i (cgi-bin|\?) 0 0% 0<BR>
refresh_pattern . 0 20% 4320<BR>
<BR>
icp_port 3130<BR>
<BR>
coredump_dir /opt/var<BR>
#############################################################<BR>
<BR>
My goal has been to at least get the domain logged on any https access, but alas some sites show:<BR>
<BR>
Apr 24 06:39:32 gateway (squid-1): 192.168.1.101 - - [24/Apr/2015:06:39:32 -0600] "CONNECT 216.58.216.162:443 HTTP/1.1" 200 401 TCP_TUNNEL:ORIGINAL_DST -<BR>
<BR>
Thanks for the look-see... trying to keep current.<BR>
<BR>
James
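<BR>
<BR>
An added example, not part of James's post or of Squid itself: a small Python parser for the custom <CODE>common</CODE> logformat shown above (including the syslog prefix that <CODE>access_log syslog:daemon.info</CODE> produces). It reports which HTTPS tunnels identify their destination only by a bare IP address with a dash in the certificate-subject column, which is exactly the kind of entry the post quotes. The sample log is constructed except for the line quoted from the post; the hostnames, client addresses and timestamps in the other lines are made up.<BR>
<BR>
```python
"""Parse Squid access-log lines in the poster's 'common' logformat and flag
HTTPS tunnels that were logged without any destination name.

Added example; the log lines below are constructed except for the one quoted
from the post.
"""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Field order follows the poster's logformat line:
#   %>a %[ui %[un [%tl] "%rm %ru HTTP/%rv" %>Hs %<st %Ss:%Sh %ssl::>cert_subject
# The syslog prefix ("Apr 24 06:39:32 gateway (squid-1): ") is stripped first.
SYSLOG_PREFIX_RE = re.compile(r"^\w{3} +\d{1,2} \d\d:\d\d:\d\d \S+ \([^)]*\): ")
LINE_RE = re.compile(
    r"^(?P<client>\S+) (?P<ident>\S+) (?P<user>\S+) \[(?P<time>[^\]]+)\] "
    r'"(?P<method>\S+) (?P<url>\S+) HTTP/(?P<version>[\d.]+)" '
    r"(?P<status>\d+) (?P<bytes>\d+) (?P<sqstatus>[A-Z_]+):(?P<hier>[A-Z_]+)"
    r"(?: (?P<subject>.*))?$"
)
IPV4_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")


@dataclass
class Entry:
    client: str
    time: str
    method: str
    url: str
    status: int
    squid_status: str   # %Ss, e.g. TCP_TUNNEL
    hierarchy: str      # %Sh, e.g. ORIGINAL_DST
    cert_subject: str   # %ssl::>cert_subject, '-' when nothing was logged

    @property
    def host(self) -> str:
        """Destination host: CONNECT targets are host:port, other requests carry a URL."""
        target = self.url
        if "://" in target:
            target = target.split("://", 1)[1].split("/", 1)[0]
        host, sep, port = target.rpartition(":")
        return host if sep and port.isdigit() else target

    @property
    def is_tls_tunnel(self) -> bool:
        return self.method == "CONNECT" and self.squid_status.startswith("TCP_TUNNEL")


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for one log line, or None if the line does not match the format."""
    m = LINE_RE.match(SYSLOG_PREFIX_RE.sub("", line.strip()))
    if not m:
        return None
    return Entry(
        client=m.group("client"),
        time=m.group("time"),
        method=m.group("method"),
        url=m.group("url"),
        status=int(m.group("status")),
        squid_status=m.group("sqstatus"),
        hierarchy=m.group("hier"),
        cert_subject=m.group("subject") or "-",
    )


def unnamed_tunnels(lines: Iterable[str]) -> List[Entry]:
    """TLS tunnels where nothing in the entry names the destination:
    the request target is a bare IPv4 address and the subject column is '-'."""
    found = []
    for line in lines:
        e = parse_line(line)
        if e is None or not e.is_tls_tunnel:
            continue
        if IPV4_RE.match(e.host) and e.cert_subject == "-":
            found.append(e)
    return found


# Constructed sample: line 1 is quoted from the post, the rest are made up.
SAMPLE_LOG = [
    'Apr 24 06:39:32 gateway (squid-1): 192.168.1.101 - - [24/Apr/2015:06:39:32 -0600] '
    '"CONNECT 216.58.216.162:443 HTTP/1.1" 200 401 TCP_TUNNEL:ORIGINAL_DST -',
    'Apr 24 06:40:11 gateway (squid-1): 192.168.1.101 - - [24/Apr/2015:06:40:11 -0600] '
    '"CONNECT mail.example.net:443 HTTP/1.1" 200 0 TCP_TUNNEL:ORIGINAL_DST -',
    'Apr 24 06:40:19 gateway (squid-1): 192.168.1.102 - - [24/Apr/2015:06:40:19 -0600] '
    '"GET http://www.example.org/index.html HTTP/1.1" 200 2341 TCP_MISS:ORIGINAL_DST -',
    "Apr 24 06:40:20 gateway (squid-1): this line is deliberately malformed",
]

if __name__ == "__main__":
    for e in unnamed_tunnels(SAMPLE_LOG):
        print(f"{e.time} {e.client} -> {e.host} tunnelled with no destination name")
```
<BR>
Run as a script it prints one line, for the entry quoted in the post. The script only classifies what is already in the log; it does not change what Squid writes. One fact worth keeping in mind when reading that last column: in Squid 3.5 the <CODE>%ssl::>cert_subject</CODE> code (the <CODE>&gt;</CODE> marks the client side) is the subject of a certificate presented by the client, not of the server certificate, and the code that carries the name the client asked for is <CODE>%ssl::>sni</CODE>, which is only populated after a peek, stare or splice.<BR>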
</BODY>
</HTML>