
<div dir="ltr">Hi Amos... <div><br></div><div>ok now I upgrade recompile again everything from 3.4.8 to 3.5.4</div><div><br></div><div>this is the conf</div><div><br></div><div>


<div>

<span style="font-family:monospace"><span style="color:rgb(0,0,0)">root@debian-template:/usr/local/squid/sbin# ./squid -k parse  </span><br>2015/05/22 03:08:17| Startup: Initializing Authentication Schemes ...

<br>2015/05/22 03:08:17| Startup: Initialized Authentication Scheme 'basic'

<br>2015/05/22 03:08:17| Startup: Initialized Authentication Scheme 'digest'

<br>2015/05/22 03:08:17| Startup: Initialized Authentication Scheme 'negotiate'

<br>2015/05/22 03:08:17| Startup: Initialized Authentication Scheme 'ntlm'

<br>2015/05/22 03:08:17| Startup: Initialized Authentication.

<br>2015/05/22 03:08:17| Processing Configuration File: /etc/squid3/squid.conf (depth 0)

<br>2015/05/22 03:08:17| Processing: http_port <a href="http://172.16.1.10:3128">172.16.1.10:3128</a>

<br>2015/05/22 03:08:17| Processing: https_port <a href="http://172.16.1.10:3129">172.16.1.10:3129</a> intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid3/ssl/myCA.pem cipher=ECDHE-RSA-RC4<br>-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:DHE-RSA-CAMELLIA128-SHA:AES128-SHA:RC4-SHA:HIGH:!aNULL:!MD5:!ADH

<br>2015/05/22 03:08:17| Starting Authentication on port <a href="http://172.16.1.10:3129">172.16.1.10:3129</a>

<br>2015/05/22 03:08:17| Disabling Authentication on port <a href="http://172.16.1.10:3129">172.16.1.10:3129</a> (interception enabled)

<br>2015/05/22 03:08:17| Processing: acl QUERY urlpath_regex cgi-bin \?

<br>2015/05/22 03:08:17| Processing: no_cache deny QUERY

<br>2015/05/22 03:08:17| Processing: access_log /var/log/squid3/access.log squid

<br>2015/05/22 03:08:17| Processing: coredump_dir /var/spool/squid3

<br>2015/05/22 03:08:17| Processing: refresh_pattern ^ftp:       1440    20% 10080

<br>2015/05/22 03:08:17| Processing: refresh_pattern ^gopher:    1440    0%  1440

<br>2015/05/22 03:08:17| Processing: refresh_pattern -i (/cgi-bin/|\?) 0 0%  0

<br>2015/05/22 03:08:17| Processing: refresh_pattern .       0   20% 4320

<br>2015/05/22 03:08:17| Processing: cache_dir aufs /var/spool/squid3 4096 16 256

<br>2015/05/22 03:08:17| Processing: refresh_pattern -i \.(gif|png|jpg|jpeg|ico)$ 3600       90%     43200

<br>2015/05/22 03:08:17| Processing: acl SSL_ports port 25      # Protocols

<br>2015/05/22 03:08:17| Processing: acl SSL_ports port 110      # to can

<br>2015/05/22 03:08:17| Processing: acl SSL_ports port 143     # allow hit

<br>2015/05/22 03:08:17| Processing: acl SSL_ports port 465     # gmail account

<br>2015/05/22 03:08:17| Processing: acl SSL_ports port 587     # on the

<br>2015/05/22 03:08:17| Processing: acl SSL_ports port 993     # internet

<br>2015/05/22 03:08:17| Processing: acl SSL_ports port 995     # behind a firewall

<br>2015/05/22 03:08:17| Processing: acl SSL_ports port 443

<br>2015/05/22 03:08:17| Processing: acl SSL_ports port 563

<br>2015/05/22 03:08:17| Processing: acl Safe_ports port 80      # http

<br>2015/05/22 03:08:17| Processing: acl Safe_ports port 21      # ftp

<br>2015/05/22 03:08:17| Processing: acl Safe_ports port 443     # https

<br>2015/05/22 03:08:17| Processing: acl Safe_ports port 70      # gopher

<br>2015/05/22 03:08:17| Processing: acl Safe_ports port 210     # wais

<br>2015/05/22 03:08:17| Processing: acl Safe_ports port 1025-65535  # unregistered ports

<br>2015/05/22 03:08:17| Processing: acl Safe_ports port 280     # http-mgmt

<br>2015/05/22 03:08:17| Processing: acl Safe_ports port 488     # gss-http

<br>2015/05/22 03:08:17| Processing: acl Safe_ports port 591     # filemaker

<br>2015/05/22 03:08:17| Processing: acl Safe_ports port 777     # multiling http

<br>2015/05/22 03:08:17| Processing: acl CONNECT method CONNECT

<br>2015/05/22 03:08:17| Processing: acl purge method PURGE

<br>2015/05/22 03:08:17| Processing: acl network src <a href="http://172.16.1.0/24">172.16.1.0/24</a>

<br>2015/05/22 03:08:17| Processing: cache_mem 64 MB

<br>2015/05/22 03:08:17| Processing: http_access allow manager localhost

<br>2015/05/22 03:08:17| Processing: http_access deny manager

<br>2015/05/22 03:08:17| Processing: http_access deny !Safe_ports

<br>2015/05/22 03:08:17| Processing: http_access deny CONNECT !SSL_ports

<br>2015/05/22 03:08:17| Processing: http_access allow localhost

<br>2015/05/22 03:08:17| Processing: http_access allow network CONNECT

<br>2015/05/22 03:08:17| Processing: http_access deny all

<br>2015/05/22 03:08:17| Processing: ssl_bump server-first all

<br>2015/05/22 03:08:17| Processing: sslcrtd_program /usr/local/squid/libexec/ssl_crtd -s /var/spool/squid3_ssldb -M 4MB sslcrtd_children 8 startup=1 idle=1

<br>2015/05/22 03:08:17| Processing: sslproxy_version 3

<br>2015/05/22 03:08:17| Processing: sslproxy_options ALL

<br>2015/05/22 03:08:17| Processing: always_direct allow all

<br>2015/05/22 03:08:17| Processing: never_direct allow all

<br>2015/05/22 03:08:17| Processing: max_filedesc 16384

<br>2015/05/22 03:08:17| Processing: dns_nameservers 8.8.8.8

<br>2015/05/22 03:08:17| Processing: dns_nameservers 8.8.4.4

<br>2015/05/22 03:08:17| Processing: positive_dns_ttl 8 hours

<br>2015/05/22 03:08:17| Processing: negative_dns_ttl 30 seconds

<br>2015/05/22 03:08:17| Initializing https proxy context

<br>2015/05/22 03:08:17| Initializing https_port <a href="http://172.16.1.10:3129">172.16.1.10:3129</a> SSL context

<br>2015/05/22 03:08:17| Using certificate in /etc/squid3/ssl/myCA.pem<br>

<br></span></div><div>and now the error is different.</div><div><br></div><div>can't see any site... http or https</div><div><br></div><div>and the logs said...</div><div><br></div><div>


<div>

<span style="font-family:monospace"><span style="color:rgb(0,0,0)">1432278470.317      0 172.16.1.20 TAG_NONE/400 388 HEAD /v11/2/windowsupdate/redir/v6-win7sp1-wuredir.cab?1505220707 - HIER_NONE/- text/html

</span><br>1432278470.320      0 172.16.1.20 TAG_NONE/400 2223 GET /v11/2/windowsupdate/redir/v6-win7sp1-wuredir.cab?1505220707 - HIER_NONE/- text/html

<br>1432278470.323      0 172.16.1.20 TAG_NONE/400 388 HEAD /v11/2/windowsupdate/redir/v6-win7sp1-wuredir.cab?1505220707 - HIER_NONE/- text/html

<br>1432278470.327      0 172.16.1.20 TAG_NONE/400 2223 GET /v11/2/windowsupdate/redir/v6-win7sp1-wuredir.cab?1505220707 - HIER_NONE/- text/html

<br>1432278472.729      0 172.16.1.20 TAG_NONE/400 2193 GET /pki/crl/products/MicRooCerAut_2010-06-23.crl - HIER_NONE/- text/html

<br>1432278477.871      0 172.16.1.20 TAG_NONE/400 2159 GET /pki/crl/products/WinPCA.crl - HIER_NONE/- text/html

<br>1432278482.222      0 172.16.1.20 TAG_NONE/400 2333 POST /service/update2?cup2key=5:1028882439&cup2hreq=1beabeae3a9008aa500f171f3efd92cac82574e42989d76d9104766a07e2e021 - HIER_NONE/- text/html

<br>1432278482.244      0 172.16.1.20 TAG_NONE/400 2333 POST /service/update2?cup2key=5:3993259034&cup2hreq=1beabeae3a9008aa500f171f3efd92cac82574e42989d76d9104766a07e2e021 - HIER_NONE/- text/html

<br>1432278483.049      0 172.16.1.20 TAG_NONE/400 2201 GET /pki/crl/products/MicRooCerAut2011_2011_03_22.crl - HIER_NONE/- text/html<br>

<br></span></div></div><div><span style="font-family:monospace">remember we need to check http normal use with acl syntaxs (that part is ok, just need the config ok to can see the same using this ssl-bump for example domains as facebook or similar)</span></div><div><span style="font-family:monospace"><br></span></div><div><span style="font-family:monospace">thanxs</span></div>-- <br><div class="gmail_signature"><div dir="ltr"><div><font color="#888888"><font color="#888888">Antonio Pe</font><span><font color="#888888">ñ</font></span><font color="#888888">a</font><span></span><br><font color="#888888">Secure email with PGP 0x8B021001 available at <a href="https://pgp.mit.edu/pks/lookup?search=0x8B021001&op=index&fingerprint=on&exact=on" target="_blank">https://pgp.mit.edu</a><br></font></font><font color="#888888">

<font color="#888888">Fingerprint: 74E6 2974 B090 366D CE71  7BB2 6476 FA09 8B02 1001</font></font></div></div></div>

</div></div>