<div dir="ltr">Hi Amos... <div><br></div><div>OK, now I upgraded and recompiled everything again, from 3.4.8 to 3.5.4.</div><div><br></div><div>This is the conf:</div><div><br></div><div>



<div>
<span style="font-family:monospace"><span style="color:rgb(0,0,0)">root@debian-template:/usr/local/squid/sbin# ./squid -k parse  </span><br>2015/05/22 03:08:17| Startup: Initializing Authentication Schemes ...
<br>2015/05/22 03:08:17| Startup: Initialized Authentication Scheme 'basic'
<br>2015/05/22 03:08:17| Startup: Initialized Authentication Scheme 'digest'
<br>2015/05/22 03:08:17| Startup: Initialized Authentication Scheme 'negotiate'
<br>2015/05/22 03:08:17| Startup: Initialized Authentication Scheme 'ntlm'
<br>2015/05/22 03:08:17| Startup: Initialized Authentication.
<br>2015/05/22 03:08:17| Processing Configuration File: /etc/squid3/squid.conf (depth 0)
<br>2015/05/22 03:08:17| Processing: http_port <a href="http://172.16.1.10:3128">172.16.1.10:3128</a>
<br>2015/05/22 03:08:17| Processing: https_port <a href="http://172.16.1.10:3129">172.16.1.10:3129</a> intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid3/ssl/myCA.pem cipher=ECDHE-RSA-RC4-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:DHE-RSA-CAMELLIA128-SHA:AES128-SHA:RC4-SHA:HIGH:!aNULL:!MD5:!ADH
<br>2015/05/22 03:08:17| Starting Authentication on port <a href="http://172.16.1.10:3129">172.16.1.10:3129</a>
<br>2015/05/22 03:08:17| Disabling Authentication on port <a href="http://172.16.1.10:3129">172.16.1.10:3129</a> (interception enabled)
<br>2015/05/22 03:08:17| Processing: acl QUERY urlpath_regex cgi-bin \?
<br>2015/05/22 03:08:17| Processing: no_cache deny QUERY
<br>2015/05/22 03:08:17| Processing: access_log /var/log/squid3/access.log squid
<br>2015/05/22 03:08:17| Processing: coredump_dir /var/spool/squid3
<br>2015/05/22 03:08:17| Processing: refresh_pattern ^ftp:       1440    20% 10080
<br>2015/05/22 03:08:17| Processing: refresh_pattern ^gopher:    1440    0%  1440
<br>2015/05/22 03:08:17| Processing: refresh_pattern -i (/cgi-bin/|\?) 0 0%  0
<br>2015/05/22 03:08:17| Processing: refresh_pattern .       0   20% 4320
<br>2015/05/22 03:08:17| Processing: cache_dir aufs /var/spool/squid3 4096 16 256
<br>2015/05/22 03:08:17| Processing: refresh_pattern -i \.(gif|png|jpg|jpeg|ico)$ 3600       90%     43200
<br>2015/05/22 03:08:17| Processing: acl SSL_ports port 25      # Protocols
<br>2015/05/22 03:08:17| Processing: acl SSL_ports port 110      # to can
<br>2015/05/22 03:08:17| Processing: acl SSL_ports port 143     # allow hit
<br>2015/05/22 03:08:17| Processing: acl SSL_ports port 465     # gmail account
<br>2015/05/22 03:08:17| Processing: acl SSL_ports port 587     # on the
<br>2015/05/22 03:08:17| Processing: acl SSL_ports port 993     # internet
<br>2015/05/22 03:08:17| Processing: acl SSL_ports port 995     # behind a firewall
<br>2015/05/22 03:08:17| Processing: acl SSL_ports port 443
<br>2015/05/22 03:08:17| Processing: acl SSL_ports port 563
<br>2015/05/22 03:08:17| Processing: acl Safe_ports port 80      # http
<br>2015/05/22 03:08:17| Processing: acl Safe_ports port 21      # ftp
<br>2015/05/22 03:08:17| Processing: acl Safe_ports port 443     # https
<br>2015/05/22 03:08:17| Processing: acl Safe_ports port 70      # gopher
<br>2015/05/22 03:08:17| Processing: acl Safe_ports port 210     # wais
<br>2015/05/22 03:08:17| Processing: acl Safe_ports port 1025-65535  # unregistered ports
<br>2015/05/22 03:08:17| Processing: acl Safe_ports port 280     # http-mgmt
<br>2015/05/22 03:08:17| Processing: acl Safe_ports port 488     # gss-http
<br>2015/05/22 03:08:17| Processing: acl Safe_ports port 591     # filemaker
<br>2015/05/22 03:08:17| Processing: acl Safe_ports port 777     # multiling http
<br>2015/05/22 03:08:17| Processing: acl CONNECT method CONNECT
<br>2015/05/22 03:08:17| Processing: acl purge method PURGE
<br>2015/05/22 03:08:17| Processing: acl network src <a href="http://172.16.1.0/24">172.16.1.0/24</a>
<br>2015/05/22 03:08:17| Processing: cache_mem 64 MB
<br>2015/05/22 03:08:17| Processing: http_access allow manager localhost
<br>2015/05/22 03:08:17| Processing: http_access deny manager
<br>2015/05/22 03:08:17| Processing: http_access deny !Safe_ports
<br>2015/05/22 03:08:17| Processing: http_access deny CONNECT !SSL_ports
<br>2015/05/22 03:08:17| Processing: http_access allow localhost
<br>2015/05/22 03:08:17| Processing: http_access allow network CONNECT
<br>2015/05/22 03:08:17| Processing: http_access deny all
<br>2015/05/22 03:08:17| Processing: ssl_bump server-first all
<br>2015/05/22 03:08:17| Processing: sslcrtd_program /usr/local/squid/libexec/ssl_crtd -s /var/spool/squid3_ssldb -M 4MB sslcrtd_children 8 startup=1 idle=1
<br>2015/05/22 03:08:17| Processing: sslproxy_version 3
<br>2015/05/22 03:08:17| Processing: sslproxy_options ALL
<br>2015/05/22 03:08:17| Processing: always_direct allow all
<br>2015/05/22 03:08:17| Processing: never_direct allow all
<br>2015/05/22 03:08:17| Processing: max_filedesc 16384
<br>2015/05/22 03:08:17| Processing: dns_nameservers 8.8.8.8
<br>2015/05/22 03:08:17| Processing: dns_nameservers 8.8.4.4
<br>2015/05/22 03:08:17| Processing: positive_dns_ttl 8 hours
<br>2015/05/22 03:08:17| Processing: negative_dns_ttl 30 seconds
<br>2015/05/22 03:08:17| Initializing https proxy context
<br>2015/05/22 03:08:17| Initializing https_port <a href="http://172.16.1.10:3129">172.16.1.10:3129</a> SSL context
<br>2015/05/22 03:08:17| Using certificate in /etc/squid3/ssl/myCA.pem<br>
<br></span></div><div>And now the error is different.</div><div><br></div><div>I can't see any site... http or https.</div><div><br></div><div>And the logs say:</div><div><br></div><div>



<div>
<span style="font-family:monospace"><span style="color:rgb(0,0,0)">1432278470.317      0 172.16.1.20 TAG_NONE/400 388 HEAD /v11/2/windowsupdate/redir/v6-win7sp1-wuredir.cab?1505220707 - HIER_NONE/- text/html
</span><br>1432278470.320      0 172.16.1.20 TAG_NONE/400 2223 GET /v11/2/windowsupdate/redir/v6-win7sp1-wuredir.cab?1505220707 - HIER_NONE/- text/html
<br>1432278470.323      0 172.16.1.20 TAG_NONE/400 388 HEAD /v11/2/windowsupdate/redir/v6-win7sp1-wuredir.cab?1505220707 - HIER_NONE/- text/html
<br>1432278470.327      0 172.16.1.20 TAG_NONE/400 2223 GET /v11/2/windowsupdate/redir/v6-win7sp1-wuredir.cab?1505220707 - HIER_NONE/- text/html
<br>1432278472.729      0 172.16.1.20 TAG_NONE/400 2193 GET /pki/crl/products/MicRooCerAut_2010-06-23.crl - HIER_NONE/- text/html
<br>1432278477.871      0 172.16.1.20 TAG_NONE/400 2159 GET /pki/crl/products/WinPCA.crl - HIER_NONE/- text/html
<br>1432278482.222      0 172.16.1.20 TAG_NONE/400 2333 POST /service/update2?cup2key=5:1028882439&cup2hreq=1beabeae3a9008aa500f171f3efd92cac82574e42989d76d9104766a07e2e021 - HIER_NONE/- text/html
<br>1432278482.244      0 172.16.1.20 TAG_NONE/400 2333 POST /service/update2?cup2key=5:3993259034&cup2hreq=1beabeae3a9008aa500f171f3efd92cac82574e42989d76d9104766a07e2e021 - HIER_NONE/- text/html
<br>1432278483.049      0 172.16.1.20 TAG_NONE/400 2201 GET /pki/crl/products/MicRooCerAut2011_2011_03_22.crl - HIER_NONE/- text/html<br>
<br></span></div></div><div><span style="font-family:monospace">Remember, we need to check normal HTTP use with ACL syntax (that part is OK; I just need the config to be OK so I can see the same using this ssl-bump, for example for domains such as Facebook or similar).</span></div><div><span style="font-family:monospace"><br></span></div><div><span style="font-family:monospace">Thanks</span></div>-- <br><div class="gmail_signature"><div dir="ltr"><div><font color="#888888"><font color="#888888">Antonio Pe</font><span><font color="#888888">ñ</font></span><font color="#888888">a</font><span></span><br><font color="#888888">Secure email with PGP 0x8B021001 available at <a href="https://pgp.mit.edu/pks/lookup?search=0x8B021001&op=index&fingerprint=on&exact=on" target="_blank">https://pgp.mit.edu</a><br></font></font><font color="#888888">
<font color="#888888">Fingerprint: 74E6 2974 B090 366D CE71  7BB2 6476 FA09 8B02 1001</font></font></div></div></div>
</div></div>