<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p><br>
</p>
<div class="moz-cite-prefix">On 05.03.19 06:13, Amos Jeffries wrote:<br>
</div>
<blockquote type="cite"
cite="mid:d093dc56-8064-f94e-a867-7ad6626e4570@treenet.co.nz">
<pre class="moz-quote-pre" wrap="">On 5/03/19 12:10 pm, steven wrote:
</pre>
<blockquote type="cite">
<pre class="moz-quote-pre" wrap="">Ah thank you for that clarification, the python icap servers I tested so
far are not very promising but at least there's a connection now.
sadly squid does not allow http access at all, only https access.
</pre>
</blockquote>
<pre class="moz-quote-pre" wrap="">
Er, that would be because the only http_port you have is configured with
'accel' - making it a reverse-proxy port. But you do not have any
cache_peer configured to handle that type of traffic.
So, is there any particular reason you have that port receiving 'accel'
/ reverse-proxy mode traffic?
If not remove that mode flag and things should all work for HTTP too.
</pre>
</blockquote>
<p><br>
</p>
<p>removed the accel mode but still no luck with http, when opening
the address:</p>
<p><a class="moz-txt-link-freetext" href="http://squid-web-proxy-cache.1019090.n4.nabble.com/http-port-with-quot-transparent-quot-or-quot-intercept-quot-td4677133.html">http://squid-web-proxy-cache.1019090.n4.nabble.com/http-port-with-quot-transparent-quot-or-quot-intercept-quot-td4677133.html</a><br>
</p>
<p><br>
</p>
<p>The following error was encountered while trying to retrieve the
URL: <a
href="http://squid-web-proxy-cache.1019090.n4.nabble.com/http-port-with-quot-transparent-quot-or-quot-intercept-quot-td4677133.html">/http-port-with-quot-transparent-quot-or-quot-intercept-quot-td4677133.html</a></p>
<p><br>
</p>
<p>invalid url</p>
<p><br>
</p>
<p>in this tutorial:</p>
<p><a class="moz-txt-link-freetext" href="https://www.reddit.com/r/sysadmin/comments/a67hly/squid_proxy_a_short_guide_forward_transparent/">https://www.reddit.com/r/sysadmin/comments/a67hly/squid_proxy_a_short_guide_forward_transparent/</a></p>
<p><br>
</p>
<p>the guy uses two ports for http like this:</p>
<pre class="s90z9tc-8 hGaZWh"><code class="s90z9tc-7 cMUrmP">http_port 3128
# Listen on this HTTP port, intercepting requests
http_port 3129 intercept
</code></pre>
<p>and then with iptables he redirects 80 to port 3129,<br>
which does not work here :(</p>
<pre>export http_proxy=<a class="moz-txt-link-freetext" href="http://192.168.10.215:3140">http://192.168.10.215:3140</a> && wget google.de # I'm using 3140 as intercept port. config at the end.
--2019-03-10 20:20:56-- <a class="moz-txt-link-freetext" href="http://google.de/">http://google.de/</a>
Connecting to 192.168.10.215:3140... connected.
Proxy request sent, awaiting response... 403 Forbidden
2019-03-10 20:20:56 ERROR 403: Forbidden.
</pre>
<p>cache.log entry:</p>
<p>2019/03/10 20:16:20 kid1| WARNING: Forwarding loop detected for:<br>
GET / HTTP/1.1<br>
User-Agent: Wget/1.19.4 (linux-gnu)<br>
Accept: */*<br>
Accept-Encoding: identity<br>
Via: 1.1 backup (squid/4.4)<br>
Cache-Control: max-age=259200<br>
Connection: keep-alive<br>
Host: google.de<br>
</p>
<p><br>
</p>
<p>and with: <br>
</p>
<p>export http_proxy=<a class="moz-txt-link-freetext" href="http://192.168.10.215:3129">http://192.168.10.215:3129</a> && wget
google.de<br>
<br>
no cache.log entry, wget output:</p>
<p>--2019-03-10 20:22:42-- (try: 2) <a class="moz-txt-link-freetext" href="http://google.de/">http://google.de/</a><br>
Connecting to 192.168.10.215:3129... connected.<br>
Proxy request sent, awaiting response... No data received.<br>
Retrying.<br>
<br>
</p>
<p><br>
</p>
<p>why does my client get a 403?<br>
</p>
<p><br>
</p>
<p>grep -v '#' squid.conf</p>
<pre>icap_enable off
icap_preview_enable off
icap_send_client_ip on
icap_send_client_username on
icap_service service_req reqmod_precache bypass=1 icap://127.0.0.1:1344/request
adaptation_access service_req allow all
icap_service service_resp respmod_precache bypass=0 icap://127.0.0.1:1344/response
adaptation_access service_resp allow all
acl localnet src 192.168.10.0/24
http_access allow localnet
coredump_dir /var/spool/squid
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
http_port 3128
http_port 3140 intercept
https_port 3129 ssl-bump intercept generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid/myCA.pem
sslcrtd_program /usr/lib/squid/security_file_certgen -s /var/lib/ssl_db -M 4MB
acl step1 at_step SslBump1

ssl_bump peek step1
ssl_bump bump all
</pre>
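<p>An added example, not part of the original message and not Squid's own code: a small Python check (all function names are hypothetical) for the port-mode point in the quoted reply, an 'accel' port with no cache_peer, and for a client whose http_proxy points at a port flagged 'intercept'. It assumes an intercept port is meant only for NAT-redirected traffic, such as the iptables redirect in the tutorial, and the sample configs are constructed from the lines posted above.</p>

```python
# Added example: classify Squid listening ports and flag the two mistakes in this thread.
# Constructed input: port/access lines abridged from the squid.conf posted above.
POSTED_CONF = """\
acl localnet src 192.168.10.0/24
http_access allow localnet
http_port 3128
http_port 3140 intercept
https_port 3129 ssl-bump intercept generate-host-certificates=on cert=/etc/squid/myCA.pem
"""
# Constructed input: the earlier setup the quoted reply describes (accel port, no cache_peer).
ACCEL_CONF = "http_port 3128 accel\nhttp_access allow all\n"

MODE_FLAGS = ("accel", "intercept", "tproxy")


def directives(conf):
    """Yield each config line as a list of fields, comments and blanks dropped."""
    for line in conf.splitlines():
        fields = line.split("#", 1)[0].split()
        if fields:
            yield fields


def parse_ports(conf):
    """Map port number -> (directive, mode); mode is 'forward' when no mode flag is set."""
    ports = {}
    for fields in directives(conf):
        if fields[0] in ("http_port", "https_port") and len(fields) > 1:
            port = int(fields[1].rsplit(":", 1)[-1])  # accepts "3128" or "host:3128"
            mode = next((f for f in fields[2:] if f in MODE_FLAGS), "forward")
            ports[port] = (fields[0], mode)
    return ports


def check(conf, client_proxy_port=None):
    """Return findings; client_proxy_port is the port a client's http_proxy points at."""
    ports = parse_ports(conf)
    has_peer = any(f[0] == "cache_peer" for f in directives(conf))
    findings = []
    for port, (name, mode) in sorted(ports.items()):
        if mode == "accel" and not has_peer:
            findings.append(f"{name} {port}: accel (reverse-proxy) port but no cache_peer")
    if client_proxy_port in ports and ports[client_proxy_port][1] != "forward":
        name, mode = ports[client_proxy_port]
        findings.append(f"{name} {client_proxy_port}: {mode} port, not for explicit http_proxy use")
    return findings


if __name__ == "__main__":
    for conf, port in ((ACCEL_CONF, None), (POSTED_CONF, 3140), (POSTED_CONF, 3128)):
        print(port, check(conf, port) or "ok")
```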
</body>
</html>