
<div dir="ltr">I'm not sure if this can solve the problem, but, in my squid.conf I deny youtube to cache using "cache_deny"<br></div><div class="gmail_extra"><br><div class="gmail_quote">2016-03-02 3:04 GMT-03:00 Yuri Voinov <span dir="ltr"><<a href="mailto:yvoinov@gmail.com" target="_blank">yvoinov@gmail.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><br>

<br>

02.03.16 2:34, Baselsayeh пишет:<br>

<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">

Yuri Voinov wrote<br>

<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div class="h5">

-----BEGIN PGP SIGNED MESSAGE-----<br>

Hash: SHA256<br>

  Did you read<br>

<br>

<a href="http://wiki.squid-cache.org/ConfigExamples/Intercept/SslBumpExplicit" rel="noreferrer" target="_blank">http://wiki.squid-cache.org/ConfigExamples/Intercept/SslBumpExplicit</a><br>

<br>

this first?<br>

<br>

Look once more to examples.<br>

<br>

02.03.16 2:15, Baselsayeh пишет:<br>

<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">

Yuri Voinov wrote<br>

Seems to some else misconfiguration in peek-n-splice section.<br>

<br>

Where is your at_step peek definition?<br>

<br>

02.03.16 2:08, Baselsayeh пишет:<br>

<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">

Yuri Voinov wrote<br>

<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">

-----BEGIN PGP SIGNED MESSAGE-----<br>

Hash: SHA256<br>

<br>

Aha.<br>

<br>

You must know, that stare is client initiated handshake. This is<br>

</blockquote></blockquote></blockquote></blockquote></blockquote>

a bit<br>

<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">

specific option, which is useless in most usecases (IMHO).<br>

<br>

More reliable configuration is peek then bump.<br>

<br>

Did you client (android) contains your cache CA public key?<br>

_______________________________________________<br>

squid-users mailing list<br>

squid-users@.squid-cache<br>

<a href="http://lists.squid-cache.org/listinfo/squid-users" rel="noreferrer" target="_blank">http://lists.squid-cache.org/listinfo/squid-users</a><br>

<br>

<br>

0x613DEC46.asc (2K)<br>

<br>

</blockquote></blockquote></blockquote></blockquote></blockquote></div></div>

&lt;<a href="http://squid-web-proxy-cache.1019090.n4.nabble.com/attachment/4676357/0/0x613DEC46.asc&gt" rel="noreferrer" target="_blank">http://squid-web-proxy-cache.1019090.n4.nabble.com/attachment/4676357/0/0x613DEC46.asc&gt</a>;<br>

<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class=""><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">

now new error after changing config to peek then bump<br>

<br>

access.log :  <a href="http://pastebin.com/j97k953r" rel="noreferrer" target="_blank">http://pastebin.com/j97k953r</a><br>

</blockquote></blockquote></blockquote></span>

&lt;<a href="http://pastebin.com/j97k953r&gt" rel="noreferrer" target="_blank">http://pastebin.com/j97k953r&gt</a>;<span class=""><br>

<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">

cache.log :  <a href="http://pastebin.com/2jF6nqeM" rel="noreferrer" target="_blank">http://pastebin.com/2jF6nqeM</a><br>

&lt;<a href="http://pastebin.com/2jF6nqeM&gt" rel="noreferrer" target="_blank">http://pastebin.com/2jF6nqeM&gt</a>;<br>

<br>

squid.config :  <a href="http://pastebin.com/FDuHtCDD" rel="noreferrer" target="_blank">http://pastebin.com/FDuHtCDD</a><br>

</blockquote></blockquote></blockquote>

&lt;<a href="http://pastebin.com/FDuHtCDD&gt" rel="noreferrer" target="_blank">http://pastebin.com/FDuHtCDD&gt</a>;<br>

</span><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">

and now youtube works but when i enter a video it loads for a<br>

</blockquote></blockquote></blockquote></blockquote><span class="">

little bit<br>

<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">

then says<br>

"Connection to the server lost"<br>

"tap to retry"<br>

<br>

i tried more than 10 videos and none of them worked<br>

<br>

<br>

<br>

--<br>

View this message in context:<br>

</blockquote></blockquote></blockquote></blockquote>

<a href="http://squid-web-proxy-cache.1019090.n4.nabble.com/Youtube-wont-work-on-squid-tp4676349p4676359.html" rel="noreferrer" target="_blank">http://squid-web-proxy-cache.1019090.n4.nabble.com/Youtube-wont-work-on-squid-tp4676349p4676359.html</a><br>

<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">

Sent from the Squid - Users mailing list archive at Nabble.com.<br>

_______________________________________________<br>

squid-users mailing list<br>

<br>

</blockquote></blockquote></blockquote>

squid-users@.squid-cache<br>

<br>

<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">

<a href="http://lists.squid-cache.org/listinfo/squid-users" rel="noreferrer" target="_blank">http://lists.squid-cache.org/listinfo/squid-users</a><br>

</blockquote></blockquote>

<br>

_______________________________________________<br>

squid-users mailing list<br>

squid-users@.squid-cache<br>

<a href="http://lists.squid-cache.org/listinfo/squid-users" rel="noreferrer" target="_blank">http://lists.squid-cache.org/listinfo/squid-users</a><br>

<br>

<br>

0x613DEC46.asc (2K)<br>

<br>

</blockquote></blockquote></span>

&lt;<a href="http://squid-web-proxy-cache.1019090.n4.nabble.com/attachment/4676360/0/0x613DEC46.asc&gt" rel="noreferrer" target="_blank">http://squid-web-proxy-cache.1019090.n4.nabble.com/attachment/4676360/0/0x613DEC46.asc&gt</a>;<div><div class="h5"><br>

<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">

what do you mean?<br>

<br>

this?<br>

<br>

http_port 3428 intercept<br>

https_port 3429 intercept ssl-bump generate-host-certificates=on<br>

dynamic_cert_mem_cache_size=200MB cert=/home/basel/squid/rootCAcert.pem<br>

key=/home/basel/squid/rootCAkey.key<br>

ssl_bump peek all<br>

ssl_bump bump all<br>

sslcrtd_program /lib/squid/ssl_crtd -s /var/cache/squid/ssl_db/ -M 200MB<br>

sslcrtd_children 3 startup=1 idle=1<br>

<br>

<br>

<br>

<br>

--<br>

View this message in context:<br>

</blockquote>

<a href="http://squid-web-proxy-cache.1019090.n4.nabble.com/Youtube-wont-work-on-squid-tp4676349p4676361.html" rel="noreferrer" target="_blank">http://squid-web-proxy-cache.1019090.n4.nabble.com/Youtube-wont-work-on-squid-tp4676349p4676361.html</a><br>

<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">

Sent from the Squid - Users mailing list archive at Nabble.com.<br>

_______________________________________________<br>

squid-users mailing list<br>

<br>

</blockquote>

squid-users@.squid-cache<br>

<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">

<a href="http://lists.squid-cache.org/listinfo/squid-users" rel="noreferrer" target="_blank">http://lists.squid-cache.org/listinfo/squid-users</a><br>

</blockquote>

-----BEGIN PGP SIGNATURE-----<br>

Version: GnuPG v2<br>

  iQEcBAEBCAAGBQJW1f9dAAoJENNXIZxhPexGcSkH/0sykbFIcW+et28E9VUiT6r6<br>

ShcfP89O15nYTFJgsrTGslTv5EX1+fwproBljHLT1VSkZg8Ftl/RcrthP0z4F/F8<br>

Pe83prBkD/EuvpElP9OuKL+CE3IhSKTDya0+VTUUmskr/CFpl51R+tL7Va6BLJc/<br>

MWC3X+B7Ywkujaf3Y1iuxw3pG7bawRHQVYaIhKnCIRwJ3MrfUS4WX31r5bhNplUj<br>

fTq4owWWycq0RjzlJ6gait8p4lRTOts1IBQ+dzzVxuPo+3CdPWd6UXSusWJ7NQUT<br>

Tj9w878S09xkVoGDRsEHB21MgjnbB0GQ7AmjTyPTQvS5tm/msAPMtpsgCS5oz9I=<br>

=WmcI<br>

-----END PGP SIGNATURE-----<br>

<br>

<br>

_______________________________________________<br>

squid-users mailing list<br>

squid-users@.squid-cache<br>

<a href="http://lists.squid-cache.org/listinfo/squid-users" rel="noreferrer" target="_blank">http://lists.squid-cache.org/listinfo/squid-users</a><br>

<br>

<br>

0x613DEC46.asc (2K)<br></div></div>

&lt;<a href="http://squid-web-proxy-cache.1019090.n4.nabble.com/attachment/4676362/0/0x613DEC46.asc&gt" rel="noreferrer" target="_blank">http://squid-web-proxy-cache.1019090.n4.nabble.com/attachment/4676362/0/0x613DEC46.asc&gt</a>;<br>

</blockquote><span class="">

it works now<br>

<br>

http_port 3428 intercept<br>

https_port 3429 intercept ssl-bump generate-host-certificates=on<br>

dynamic_cert_mem_cache_size=200MB cert=/home/basel/squid/rootCAcert.pem<br>

key=/home/basel/squid/rootCAkey.key<br>

acl step1 at_step SslBump1<br>

acl step2 at_step SslBump2<br>

acl step3 at_step SslBump3<br>

ssl_bump peek step1<br>

ssl_bump bump all<br>

sslcrtd_program /lib/squid/ssl_crtd -s /var/cache/squid/ssl_db/ -M 200MB<br>

sslcrtd_children 3 startup=1 idle=1<br>

<br>

is it correct?<br>

</span></blockquote>

Seems correct.<br>

<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">

<br>

do i need sslproxy_cafile?<br>

</blockquote>

Not at all cases. By default openssl can take it own CA bundle installed with it.<div class="HOEnZb"><div class="h5"><br>

<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">

<br>

<br>

<br>

<br>

--<br>

View this message in context: <a href="http://squid-web-proxy-cache.1019090.n4.nabble.com/Youtube-wont-work-on-squid-tp4676349p4676364.html" rel="noreferrer" target="_blank">http://squid-web-proxy-cache.1019090.n4.nabble.com/Youtube-wont-work-on-squid-tp4676349p4676364.html</a><br>

Sent from the Squid - Users mailing list archive at Nabble.com.<br>

_______________________________________________<br>

squid-users mailing list<br>

<a href="mailto:squid-users@lists.squid-cache.org" target="_blank">squid-users@lists.squid-cache.org</a><br>

<a href="http://lists.squid-cache.org/listinfo/squid-users" rel="noreferrer" target="_blank">http://lists.squid-cache.org/listinfo/squid-users</a><br>

</blockquote>

<br>

_______________________________________________<br>

squid-users mailing list<br>

<a href="mailto:squid-users@lists.squid-cache.org" target="_blank">squid-users@lists.squid-cache.org</a><br>

<a href="http://lists.squid-cache.org/listinfo/squid-users" rel="noreferrer" target="_blank">http://lists.squid-cache.org/listinfo/squid-users</a><br>

</div></div></blockquote></div><br><br clear="all"><br>-- <br><div class="gmail_signature"><div style="text-align:left"><font size="4"><b><u><br></u></b></font></div><div style="text-align:left"><font size="4"><b><u><img src="https://lh6.googleusercontent.com/-xODPvbH2piQ/T6RqD0dqXjI/AAAAAAAAAPk/0I8Y3aq0mYM/h120/linuxano+assinatura+e-mail.png"><br></u></b></font></div></div>

</div>