<div dir="ltr">I'm not sure if this can solve the problem, but, in my squid.conf I deny youtube to cache using "cache_deny"<br></div><div class="gmail_extra"><br><div class="gmail_quote">2016-03-02 3:04 GMT-03:00 Yuri Voinov <span dir="ltr"><<a href="mailto:yvoinov@gmail.com" target="_blank">yvoinov@gmail.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><br>
<br>
02.03.16 2:34, Baselsayeh пишет:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Yuri Voinov wrote<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div class="h5">
-----BEGIN PGP SIGNED MESSAGE-----<br>
Hash: SHA256<br>
Did you read<br>
<br>
<a href="http://wiki.squid-cache.org/ConfigExamples/Intercept/SslBumpExplicit" rel="noreferrer" target="_blank">http://wiki.squid-cache.org/ConfigExamples/Intercept/SslBumpExplicit</a><br>
<br>
this first?<br>
<br>
Look once more to examples.<br>
<br>
02.03.16 2:15, Baselsayeh пишет:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Yuri Voinov wrote<br>
Seems to some else misconfiguration in peek-n-splice section.<br>
<br>
Where is your at_step peek definition?<br>
<br>
02.03.16 2:08, Baselsayeh пишет:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Yuri Voinov wrote<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
-----BEGIN PGP SIGNED MESSAGE-----<br>
Hash: SHA256<br>
<br>
Aha.<br>
<br>
You must know, that stare is client initiated handshake. This is<br>
</blockquote></blockquote></blockquote></blockquote></blockquote>
a bit<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
specific option, which is useless in most usecases (IMHO).<br>
<br>
More reliable configuration is peek then bump.<br>
<br>
Did you client (android) contains your cache CA public key?<br>
_______________________________________________<br>
squid-users mailing list<br>
squid-users@.squid-cache<br>
<a href="http://lists.squid-cache.org/listinfo/squid-users" rel="noreferrer" target="_blank">http://lists.squid-cache.org/listinfo/squid-users</a><br>
<br>
<br>
0x613DEC46.asc (2K)<br>
<br>
</blockquote></blockquote></blockquote></blockquote></blockquote></div></div>
<<a href="http://squid-web-proxy-cache.1019090.n4.nabble.com/attachment/4676357/0/0x613DEC46.asc>" rel="noreferrer" target="_blank">http://squid-web-proxy-cache.1019090.n4.nabble.com/attachment/4676357/0/0x613DEC46.asc></a>;<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class=""><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
now new error after changing config to peek then bump<br>
<br>
access.log : <a href="http://pastebin.com/j97k953r" rel="noreferrer" target="_blank">http://pastebin.com/j97k953r</a><br>
</blockquote></blockquote></blockquote></span>
<<a href="http://pastebin.com/j97k953r>" rel="noreferrer" target="_blank">http://pastebin.com/j97k953r></a>;<span class=""><br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
cache.log : <a href="http://pastebin.com/2jF6nqeM" rel="noreferrer" target="_blank">http://pastebin.com/2jF6nqeM</a><br>
<<a href="http://pastebin.com/2jF6nqeM>" rel="noreferrer" target="_blank">http://pastebin.com/2jF6nqeM></a>;<br>
<br>
squid.config : <a href="http://pastebin.com/FDuHtCDD" rel="noreferrer" target="_blank">http://pastebin.com/FDuHtCDD</a><br>
</blockquote></blockquote></blockquote>
<<a href="http://pastebin.com/FDuHtCDD>" rel="noreferrer" target="_blank">http://pastebin.com/FDuHtCDD></a>;<br>
</span><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
and now youtube works but when i enter a video it loads for a<br>
</blockquote></blockquote></blockquote></blockquote><span class="">
little bit<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
then says<br>
"Connection to the server lost"<br>
"tap to retry"<br>
<br>
i tried more than 10 videos and none of them worked<br>
<br>
<br>
<br>
--<br>
View this message in context:<br>
</blockquote></blockquote></blockquote></blockquote>
<a href="http://squid-web-proxy-cache.1019090.n4.nabble.com/Youtube-wont-work-on-squid-tp4676349p4676359.html" rel="noreferrer" target="_blank">http://squid-web-proxy-cache.1019090.n4.nabble.com/Youtube-wont-work-on-squid-tp4676349p4676359.html</a><br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Sent from the Squid - Users mailing list archive at Nabble.com.<br>
_______________________________________________<br>
squid-users mailing list<br>
<br>
</blockquote></blockquote></blockquote>
squid-users@.squid-cache<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<a href="http://lists.squid-cache.org/listinfo/squid-users" rel="noreferrer" target="_blank">http://lists.squid-cache.org/listinfo/squid-users</a><br>
</blockquote></blockquote>
<br>
_______________________________________________<br>
squid-users mailing list<br>
squid-users@.squid-cache<br>
<a href="http://lists.squid-cache.org/listinfo/squid-users" rel="noreferrer" target="_blank">http://lists.squid-cache.org/listinfo/squid-users</a><br>
<br>
<br>
0x613DEC46.asc (2K)<br>
<br>
</blockquote></blockquote></span>
<<a href="http://squid-web-proxy-cache.1019090.n4.nabble.com/attachment/4676360/0/0x613DEC46.asc>" rel="noreferrer" target="_blank">http://squid-web-proxy-cache.1019090.n4.nabble.com/attachment/4676360/0/0x613DEC46.asc></a>;<div><div class="h5"><br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
what do you mean?<br>
<br>
this?<br>
<br>
http_port 3428 intercept<br>
https_port 3429 intercept ssl-bump generate-host-certificates=on<br>
dynamic_cert_mem_cache_size=200MB cert=/home/basel/squid/rootCAcert.pem<br>
key=/home/basel/squid/rootCAkey.key<br>
ssl_bump peek all<br>
ssl_bump bump all<br>
sslcrtd_program /lib/squid/ssl_crtd -s /var/cache/squid/ssl_db/ -M 200MB<br>
sslcrtd_children 3 startup=1 idle=1<br>
<br>
<br>
<br>
<br>
--<br>
View this message in context:<br>
</blockquote>
<a href="http://squid-web-proxy-cache.1019090.n4.nabble.com/Youtube-wont-work-on-squid-tp4676349p4676361.html" rel="noreferrer" target="_blank">http://squid-web-proxy-cache.1019090.n4.nabble.com/Youtube-wont-work-on-squid-tp4676349p4676361.html</a><br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Sent from the Squid - Users mailing list archive at Nabble.com.<br>
_______________________________________________<br>
squid-users mailing list<br>
<br>
</blockquote>
squid-users@.squid-cache<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<a href="http://lists.squid-cache.org/listinfo/squid-users" rel="noreferrer" target="_blank">http://lists.squid-cache.org/listinfo/squid-users</a><br>
</blockquote>
-----BEGIN PGP SIGNATURE-----<br>
Version: GnuPG v2<br>
iQEcBAEBCAAGBQJW1f9dAAoJENNXIZxhPexGcSkH/0sykbFIcW+et28E9VUiT6r6<br>
ShcfP89O15nYTFJgsrTGslTv5EX1+fwproBljHLT1VSkZg8Ftl/RcrthP0z4F/F8<br>
Pe83prBkD/EuvpElP9OuKL+CE3IhSKTDya0+VTUUmskr/CFpl51R+tL7Va6BLJc/<br>
MWC3X+B7Ywkujaf3Y1iuxw3pG7bawRHQVYaIhKnCIRwJ3MrfUS4WX31r5bhNplUj<br>
fTq4owWWycq0RjzlJ6gait8p4lRTOts1IBQ+dzzVxuPo+3CdPWd6UXSusWJ7NQUT<br>
Tj9w878S09xkVoGDRsEHB21MgjnbB0GQ7AmjTyPTQvS5tm/msAPMtpsgCS5oz9I=<br>
=WmcI<br>
-----END PGP SIGNATURE-----<br>
<br>
<br>
_______________________________________________<br>
squid-users mailing list<br>
squid-users@.squid-cache<br>
<a href="http://lists.squid-cache.org/listinfo/squid-users" rel="noreferrer" target="_blank">http://lists.squid-cache.org/listinfo/squid-users</a><br>
<br>
<br>
0x613DEC46.asc (2K)<br></div></div>
<<a href="http://squid-web-proxy-cache.1019090.n4.nabble.com/attachment/4676362/0/0x613DEC46.asc>" rel="noreferrer" target="_blank">http://squid-web-proxy-cache.1019090.n4.nabble.com/attachment/4676362/0/0x613DEC46.asc></a>;<br>
</blockquote><span class="">
it works now<br>
<br>
http_port 3428 intercept<br>
https_port 3429 intercept ssl-bump generate-host-certificates=on<br>
dynamic_cert_mem_cache_size=200MB cert=/home/basel/squid/rootCAcert.pem<br>
key=/home/basel/squid/rootCAkey.key<br>
acl step1 at_step SslBump1<br>
acl step2 at_step SslBump2<br>
acl step3 at_step SslBump3<br>
ssl_bump peek step1<br>
ssl_bump bump all<br>
sslcrtd_program /lib/squid/ssl_crtd -s /var/cache/squid/ssl_db/ -M 200MB<br>
sslcrtd_children 3 startup=1 idle=1<br>
<br>
is it correct?<br>
</span></blockquote>
Seems correct.<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
do i need sslproxy_cafile?<br>
</blockquote>
Not at all cases. By default openssl can take it own CA bundle installed with it.<div class="HOEnZb"><div class="h5"><br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
<br>
<br>
<br>
--<br>
View this message in context: <a href="http://squid-web-proxy-cache.1019090.n4.nabble.com/Youtube-wont-work-on-squid-tp4676349p4676364.html" rel="noreferrer" target="_blank">http://squid-web-proxy-cache.1019090.n4.nabble.com/Youtube-wont-work-on-squid-tp4676349p4676364.html</a><br>
Sent from the Squid - Users mailing list archive at Nabble.com.<br>
_______________________________________________<br>
squid-users mailing list<br>
<a href="mailto:squid-users@lists.squid-cache.org" target="_blank">squid-users@lists.squid-cache.org</a><br>
<a href="http://lists.squid-cache.org/listinfo/squid-users" rel="noreferrer" target="_blank">http://lists.squid-cache.org/listinfo/squid-users</a><br>
</blockquote>
<br>
_______________________________________________<br>
squid-users mailing list<br>
<a href="mailto:squid-users@lists.squid-cache.org" target="_blank">squid-users@lists.squid-cache.org</a><br>
<a href="http://lists.squid-cache.org/listinfo/squid-users" rel="noreferrer" target="_blank">http://lists.squid-cache.org/listinfo/squid-users</a><br>
</div></div></blockquote></div><br><br clear="all"><br>-- <br><div class="gmail_signature"><div style="text-align:left"><font size="4"><b><u><br></u></b></font></div><div style="text-align:left"><font size="4"><b><u><img src="https://lh6.googleusercontent.com/-xODPvbH2piQ/T6RqD0dqXjI/AAAAAAAAAPk/0I8Y3aq0mYM/h120/linuxano+assinatura+e-mail.png"><br></u></b></font></div></div>
</div>