<html><head><meta http-equiv="content-type" content="text/html; charset=us-ascii"></head><body style="overflow-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;"><div>Tested same thing..</div><div><br></div><div>I noticed it does have the default when I ran squid -k parse see below</div><div><br></div><div><br></div>I restored lines:<div><div>http_access deny !safeports</div><div>http_access deny CONNECT !sslports</div><div>http_access allow localhost manager</div><div>http_access deny manager</div><div>cachemgr_passwd disable offline_toggle reconfigure shutdown</div><div>cachemgr_passwd redacted password all</div><div>eui_lookup on</div><div>acl no_miss url_regex -i gateway\.facebook\.com\/ws\/realtime\?</div><div>acl no_miss url_regex -i web-chat-e2ee\.facebook\.com\/ws\/chat</div><div>acl CONNECT method CONNECT</div><div>acl wuCONNECT dstdomain www.update.microsoft.com</div><div>acl wuCONNECT dstdomain sls.microsoft.com</div><div>http_access allow CONNECT wuCONNECT localnet</div><div>http_access allow CONNECT wuCONNECT localhost</div><div>http_access allow windowsupdate localnet</div><div>http_access allow windowsupdate localhost</div><div>http_access allow HttpAccess localnet</div><div>http_access allow HttpAccess localhost</div><div>http_access deny manager</div><div>http_access deny to_ipv6</div><div>http_access deny from_ipv6</div><div><br></div><div>acl BrokenButTrustedServers dstdomain "/usr/local/pkg/dstdom.broken"</div><div>acl DomainMismatch ssl_error SQUID_X509_V_ERR_DOMAIN_MISMATCH</div><div>sslproxy_cert_error allow BrokenButTrustedServers DomainMismatch</div><div>sslproxy_cert_error deny all</div><div><br></div><div>acl splice_only src 192.168.1.8 #Tasha iPhone</div><div>acl splice_only src 192.168.1.10 #Jon iPhone</div><div>acl splice_only src 192.168.1.11 #Amazon Fire</div><div>acl splice_only src 192.168.1.15 #Tasha HP</div><div>acl splice_only src 192.168.1.16 #iPad</div><div><br></div><div>acl splice_only_mac arp 
redactedmac</div><div>acl splice_only_mac arp redactedmac</div><div>acl splice_only_mac arp redactedmac</div><div>acl splice_only_mac arp redactedmac</div><div>acl splice_only_mac arp redactedmac</div><div><br></div><div>acl NoSSLIntercept ssl::server_name_regex -i "/usr/local/pkg/reg.url.nobump"</div><div>acl NoBumpDNS dstdomain "/usr/local/pkg/dns.nobump"</div><div><br></div><div>acl markBumped annotate_client bumped=true</div><div>acl active_use annotate_client active=true</div><div>acl bump_only src 192.168.1.3 #webtv</div><div>acl bump_only src 192.168.1.4 #toshiba</div><div>acl bump_only src 192.168.1.5 #imac</div><div>acl bump_only src 192.168.1.9 #macbook</div><div>acl bump_only src 192.168.1.13 #dell</div><div><br></div><div>acl bump_only_mac arp redactedmac</div><div>acl bump_only_mac arp redactedmac</div><div>acl bump_only_mac arp redactedmac</div><div>acl bump_only_mac arp redactedmac</div><div>acl bump_only_mac arp redactedmac</div><div>sslproxy_cert_sign signTrusted bump_only_mac</div><div><br></div><div>ssl_bump peek step1</div><div>miss_access deny no_miss active_use</div><div>ssl_bump splice https_login active_use</div><div>ssl_bump splice splice_only_mac splice_only active_use</div><div>ssl_bump splice NoBumpDNS active_use</div><div>ssl_bump splice NoSSLIntercept active_use</div><div>ssl_bump bump bump_only_mac bump_only active_use</div><div>acl activated note active_use true</div><div>ssl_bump terminate !activated</div><div><br></div><div>shutdown_lifetime 1 seconds</div><div>negative_dns_ttl 5 minutes</div><div><br></div></div><div>Output same</div><div><br><div><h2 class="panel-title" style="box-sizing: border-box; font-family: Roboto, sans-serif; font-weight: 500; line-height: 1.1; color: rgb(60, 118, 61); margin-top: 0px; margin-bottom: 0px; font-size: 16px; caret-color: rgb(60, 118, 61); background-color: rgb(223, 240, 216);">Shell Output - squidclient -v -U admin -W redactedpassword mgr:info</h2></div><div><pre style="box-sizing: 
border-box; overflow: auto; font-family: Menlo, Monaco, Consolas, &quot;Courier New&quot;, monospace; font-size: 13px; padding: 9.5px; margin-top: 0px; margin-bottom: 10px; line-height: 1.428571; color: rgb(51, 51, 51); word-break: break-all; overflow-wrap: break-word; background-color: rgb(245, 245, 245); border: 1px solid rgb(204, 204, 204); border-radius: 4px; caret-color: rgb(51, 51, 51);">Request:
GET http://localhost:3128/squid-internal-mgr/info HTTP/1.0
Host: localhost:3128
User-Agent: squidclient/6.6
Accept: */*
Authorization: Basic redactedQ==
Connection: close


.
HTTP/1.1 403 Forbidden
Server: squid
Mime-Version: 1.0
Date: Thu, 11 Jul 2024 21:06:49 GMT
Content-Type: text/html;charset=utf-8
Content-Length: 3788
X-Squid-Error: ERR_ACCESS_DENIED 0
Vary: Accept-Language
Content-Language: en
Cache-Status: Lee_Family.home.arpa
Cache-Status: Lee_Family.home.arpa;detail=no-cache
Connection: close</pre><div><div>same thing tested with -h 127.0.0.1</div><div><pre style="box-sizing: border-box; overflow: auto; font-family: Menlo, Monaco, Consolas, &quot;Courier New&quot;, monospace; font-size: 13px; padding: 9.5px; margin-top: 0px; margin-bottom: 10px; line-height: 1.428571; color: rgb(51, 51, 51); word-break: break-all; overflow-wrap: break-word; background-color: rgb(245, 245, 245); border: 1px solid rgb(204, 204, 204); border-radius: 4px; caret-color: rgb(51, 51, 51);">Request:
GET http://127.0.0.1:3128/squid-internal-mgr/info HTTP/1.0
Host: 127.0.0.1:3128
User-Agent: squidclient/6.6
Accept: */*
Authorization: Basic redacted==
Connection: close


.
HTTP/1.1 403 Forbidden
Server: squid
Mime-Version: 1.0
Date: Thu, 11 Jul 2024 21:18:48 GMT
Content-Type: text/html;charset=utf-8
Content-Length: 3788
X-Squid-Error: ERR_ACCESS_DENIED 0
Vary: Accept-Language
Content-Language: en
Cache-Status: Lee_Family.home.arpa
Cache-Status: Lee_Family.home.arpa;detail=no-cache
Connection: close</pre></div><div><br></div><div>squid -k parse shows </div><div><pre style="box-sizing: border-box; overflow: auto; font-family: Menlo, Monaco, Consolas, &quot;Courier New&quot;, monospace; font-size: 13px; padding: 9.5px; margin-top: 0px; margin-bottom: 10px; line-height: 1.428571; color: rgb(51, 51, 51); word-break: break-all; overflow-wrap: break-word; background-color: rgb(245, 245, 245); border: 1px solid rgb(204, 204, 204); border-radius: 4px; caret-color: rgb(51, 51, 51);">2024/07/11 14:09:27| Processing Configuration File: /usr/local/etc/squid/squid.conf (depth 0)
2024/07/11 14:09:27| Processing: http_port 192.168.1.1:3128 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=20MB cert=/usr/local/etc/squid/serverkey.pem cafile=/usr/local/share/certs/ca-root-nss.crt capath=/usr/local/share/certs/ cipher=EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:!RC4:!aNULL:!eNULL:!LOW:!3DES:!SHA1:!MD5:!EXP:!PSK:!SRP:!DSS tls-dh=prime256v1:/etc/dh-parameters.2048 options=NO_SSLv3,NO_TLSv1,SINGLE_DH_USE,SINGLE_ECDH_USE
2024/07/11 14:09:27| WARNING: UPGRADE: 'cafile=/usr/local/share/certs/ca-root-nss.crt' is deprecated in http_port. Use 'tls-cafile=' instead.
2024/07/11 14:09:27| WARNING: Failed to decode EC parameters '/etc/dh-parameters.2048'
    OpenSSL-saved error #1: 0x1e08010c
2024/07/11 14:09:27| ERROR: Unsupported TLS option SINGLE_DH_USE
2024/07/11 14:09:27| ERROR: Unsupported TLS option SINGLE_ECDH_USE
2024/07/11 14:09:27| Processing: http_port 127.0.0.1:3128 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=20MB cert=/usr/local/etc/squid/serverkey.pem cafile=/usr/local/share/certs/ca-root-nss.crt capath=/usr/local/share/certs/ cipher=EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:!RC4:!aNULL:!eNULL:!LOW:!3DES:!SHA1:!MD5:!EXP:!PSK:!SRP:!DSS tls-dh=prime256v1:/etc/dh-parameters.2048 options=NO_SSLv3,NO_TLSv1,SINGLE_DH_USE,SINGLE_ECDH_USE
2024/07/11 14:09:27| Starting Authentication on port 127.0.0.1:3128
2024/07/11 14:09:27| Disabling Authentication on port 127.0.0.1:3128 (interception enabled)
2024/07/11 14:09:27| WARNING: UPGRADE: 'cafile=/usr/local/share/certs/ca-root-nss.crt' is deprecated in http_port. Use 'tls-cafile=' instead.
2024/07/11 14:09:27| WARNING: Failed to decode EC parameters '/etc/dh-parameters.2048'
    OpenSSL-saved error #1: 0x1e08010c
2024/07/11 14:09:27| ERROR: Unsupported TLS option SINGLE_DH_USE
2024/07/11 14:09:27| ERROR: Unsupported TLS option SINGLE_ECDH_USE
2024/07/11 14:09:27| Processing: https_port 127.0.0.1:3129 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=20MB cert=/usr/local/etc/squid/serverkey.pem cafile=/usr/local/share/certs/ca-root-nss.crt capath=/usr/local/share/certs/ cipher=EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:!RC4:!aNULL:!eNULL:!LOW:!3DES:!SHA1:!MD5:!EXP:!PSK:!SRP:!DSS tls-dh=prime256v1:/etc/dh-parameters.2048 options=NO_SSLv3,NO_TLSv1,SINGLE_DH_USE,SINGLE_ECDH_USE
2024/07/11 14:09:27| Starting Authentication on port 127.0.0.1:3129
2024/07/11 14:09:27| Disabling Authentication on port 127.0.0.1:3129 (interception enabled)
2024/07/11 14:09:27| WARNING: UPGRADE: 'cafile=/usr/local/share/certs/ca-root-nss.crt' is deprecated in https_port. Use 'tls-cafile=' instead.
2024/07/11 14:09:27| WARNING: Failed to decode EC parameters '/etc/dh-parameters.2048'
    OpenSSL-saved error #1: 0x1e08010c
2024/07/11 14:09:27| ERROR: Unsupported TLS option SINGLE_DH_USE
2024/07/11 14:09:27| ERROR: Unsupported TLS option SINGLE_ECDH_USE
2024/07/11 14:09:27| Processing: tcp_outgoing_address 207.231.82.182
2024/07/11 14:09:27| Processing: icp_port 0
2024/07/11 14:09:27| Processing: digest_generation off
2024/07/11 14:09:27| Processing: dns_v4_first on
2024/07/11 14:09:27| ERROR: Directive 'dns_v4_first' is obsolete.
2024/07/11 14:09:27| dns_v4_first : Remove this line. Squid no longer supports preferential treatment of DNS A records.
2024/07/11 14:09:27| Processing: pid_filename /var/run/squid/squid.pid
2024/07/11 14:09:27| Processing: cache_effective_user squid
2024/07/11 14:09:27| Processing: cache_effective_group proxy
2024/07/11 14:09:27| Processing: error_default_language en
2024/07/11 14:09:27| Processing: icon_directory /usr/local/etc/squid/icons
2024/07/11 14:09:27| Processing: visible_hostname Lee_Family.home.arpa
2024/07/11 14:09:27| Processing: cache_mgr jonathanlee571@gmail.com
2024/07/11 14:09:27| Processing: access_log /var/squid/logs/access.log
2024/07/11 14:09:27| Processing: cache_log /var/squid/logs/cache.log
2024/07/11 14:09:27| Processing: cache_store_log none
2024/07/11 14:09:27| Processing: netdb_filename /var/squid/logs/netdb.state
2024/07/11 14:09:27| Processing: pinger_enable on
2024/07/11 14:09:27| Processing: pinger_program /usr/local/libexec/squid/pinger
2024/07/11 14:09:27| Processing: sslcrtd_program /usr/local/libexec/squid/security_file_certgen -s /var/squid/lib/ssl_db -M 4MB -b 2048
2024/07/11 14:09:27| Processing: tls_outgoing_options cafile=/usr/local/share/certs/ca-root-nss.crt
2024/07/11 14:09:27| Processing: tls_outgoing_options capath=/usr/local/share/certs/
2024/07/11 14:09:27| Processing: tls_outgoing_options options=NO_SSLv3,NO_TLSv1,SINGLE_DH_USE,SINGLE_ECDH_USE
2024/07/11 14:09:27| ERROR: Unsupported TLS option SINGLE_DH_USE
2024/07/11 14:09:27| ERROR: Unsupported TLS option SINGLE_ECDH_USE
2024/07/11 14:09:27| Processing: tls_outgoing_options cipher=EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:!RC4:!aNULL:!eNULL:!LOW:!3DES:!SHA1:!MD5:!EXP:!PSK:!SRP:!DSS
2024/07/11 14:09:27| Processing: sslcrtd_children 10
2024/07/11 14:09:27| Processing: logfile_rotate 7
2024/07/11 14:09:27| Processing: debug_options rotate=7
2024/07/11 14:09:27| Processing: shutdown_lifetime 3 seconds
2024/07/11 14:09:27| Processing: acl localnet src  192.168.1.0/27
2024/07/11 14:09:27| Processing: forwarded_for delete
2024/07/11 14:09:27| Processing: via off
2024/07/11 14:09:27| Processing: httpd_suppress_version_string on
2024/07/11 14:09:27| Processing: uri_whitespace strip
2024/07/11 14:09:27| Processing: acl block_hours time 00:30-05:00
2024/07/11 14:09:27| Processing: ssl_bump terminate all block_hours
2024/07/11 14:09:27| Processing: <b>http_access</b> deny all block_hours
2024/07/11 14:09:27| Processing: acl <b>getmethod</b> method GET
2024/07/11 14:09:27| Processing: acl to_ipv6 dst ipv6
2024/07/11 14:09:27| Processing: acl from_ipv6 src ipv6
2024/07/11 14:09:27| Processing: acl HttpAccess dstdomain "/usr/local/pkg/http.access"
2024/07/11 14:09:27| Processing: acl windowsupdate dstdomain "/usr/local/pkg/windowsupdate"
2024/07/11 14:09:27| Processing: acl rewritedoms dstdomain "/usr/local/pkg/desdom"
2024/07/11 14:09:27| Processing: always_direct allow all
2024/07/11 14:09:27| Processing: refresh_all_ims on
2024/07/11 14:09:27| Processing: reload_into_ims on
2024/07/11 14:09:27| Processing: max_stale 20 years
2024/07/11 14:09:27| Processing: minimum_expiry_time 0
2024/07/11 14:09:27| Processing: refresh_pattern -i ^http.*squid\.internal.* 43200 100% 79900 override-expire override-lastmod ignore-reload ignore-no-store ignore-must-revalidate ignore-private ignore-auth
2024/07/11 14:09:27| UPGRADE: refresh_pattern option 'ignore-must-revalidate' is obsolete. Remove it.
2024/07/11 14:09:27| UPGRADE: refresh_pattern option 'ignore-auth' is obsolete. Remove it.
2024/07/11 14:09:27| Processing: refresh_pattern -i windowsupdate.com/.*\.(cab|exe|ms[i|u|f|p]|[ap]sf|wm[v|a]|dat|zip|psf) 43200 80% 129600 reload-into-ims
2024/07/11 14:09:27| Processing: refresh_pattern -i microsoft.com/.*\.(cab|exe|ms[i|u|f|p]|[ap]sf|wm[v|a]|dat|zip|psf) 43200 80% 129600 reload-into-ims
2024/07/11 14:09:27| Processing: refresh_pattern -i windows.com/.*\.(cab|exe|ms[i|u|f|p]|[ap]sf|wm[v|a]|dat|zip|psf) 43200 80% 129600 reload-into-ims
2024/07/11 14:09:27| Processing: refresh_pattern -i microsoft.com.akadns.net/.*\.(cab|exe|ms[i|u|f|p]|[ap]sf|wm[v|a]|dat|zip|psf) 43200 80% 129600 reload-into-ims
2024/07/11 14:09:27| Processing: refresh_pattern -i deploy.akamaitechnologies.com/.*\.(cab|exe|ms[i|u|f|p]|[ap]sf|wm[v|a]|dat|zip|psf) 43200 80% 129600 reload-into-ims
2024/07/11 14:09:27| Processing: refresh_pattern -i windowsupdate.com/..(cab|exe|msi|msu|msf|asf|wma|wmv)|dat|zip)$ 4320 80% 43200  refresh-ims
2024/07/11 14:09:27| Processing: acl https_login url_regex -i ^https.*(login|Login).*
2024/07/11 14:09:27| Processing: cache deny https_login
2024/07/11 14:09:27| Processing: range_offset_limit 512 MB windowsupdate
2024/07/11 14:09:27| Processing: range_offset_limit 4 MB
2024/07/11 14:09:27| Processing: quick_abort_min -1 KB
2024/07/11 14:09:27| Processing: cache_mem 64 MB
2024/07/11 14:09:27| Processing: maximum_object_size_in_memory 256 KB
2024/07/11 14:09:27| Processing: memory_replacement_policy heap GDSF
2024/07/11 14:09:27| Processing: cache_replacement_policy heap LFUDA
2024/07/11 14:09:27| Processing: minimum_object_size 0 KB
2024/07/11 14:09:27| Processing: maximum_object_size 512 MB
2024/07/11 14:09:27| Processing: cache_dir diskd /var/squid/cache 64000 256 256
2024/07/11 14:09:27| Processing: offline_mode off
2024/07/11 14:09:27| Processing: cache_swap_low 90
2024/07/11 14:09:27| Processing: cache_swap_high 95
2024/07/11 14:09:27| Processing: acl donotcache dstdomain "/var/squid/acl/donotcache.acl"
2024/07/11 14:09:27| Processing: cache deny donotcache
2024/07/11 14:09:27| Processing: cache allow all
2024/07/11 14:09:27| Processing: refresh_pattern ^ftp:    1440  20%  10080
2024/07/11 14:09:27| Processing: refresh_pattern ^gopher:  1440  0%  1440
2024/07/11 14:09:27| Processing: refresh_pattern -i (/cgi-bin/|\?) 0  0%  0
2024/07/11 14:09:27| Processing: refresh_pattern .    0  20%  4320
2024/07/11 14:09:27| Processing: acl allsrc src all
2024/07/11 14:09:27| Processing: acl <b>safeports</b> port 21 70 80 210 280 443 488 563 591 631 777 901 8080 3128 3129 1025-65535
2024/07/11 14:09:27| Processing: acl <b>sslports</b> port 443 563 8080 5223 2197
2024/07/11 14:09:27| Processing: acl purge method PURGE
2024/07/11 14:09:27| Processing: acl connect method CONNECT
2024/07/11 14:09:27| Processing: acl HTTP proto HTTP
2024/07/11 14:09:27| Processing: acl HTTPS proto HTTPS
2024/07/11 14:09:27| Processing: acl step1 at_step SslBump1
2024/07/11 14:09:27| Processing: acl step2 at_step SslBump2
2024/07/11 14:09:27| Processing: acl step3 at_step SslBump3
2024/07/11 14:09:27| Processing: acl banned_hosts src "/var/squid/acl/banned_hosts.acl"
2024/07/11 14:09:27| Processing: acl whitelist dstdom_regex -i "/var/squid/acl/whitelist.acl"
2024/07/11 14:09:27| Processing: acl blacklist dstdom_regex -i "/var/squid/acl/blacklist.acl"
2024/07/11 14:09:27| Processing: <b>http_access</b> allow manager localhost
2024/07/11 14:09:27| Processing: <b>http_access</b> deny manager
2024/07/11 14:09:27| Processing: <b>http_access</b> allow purge localhost
2024/07/11 14:09:27| Processing: <b>http_access</b> deny purge
2024/07/11 14:09:27| Processing: <b>http_access</b> deny !safeports
2024/07/11 14:09:27| Processing: <b>http_access</b> deny CONNECT !sslports
2024/07/11 14:09:27| Processing: <b>http_access</b> allow localhost
2024/07/11 14:09:27| Processing: quick_abort_min 0 KB
2024/07/11 14:09:27| Processing: quick_abort_max 0 KB
2024/07/11 14:09:27| Processing: quick_abort_pct 95
2024/07/11 14:09:27| Processing: request_body_max_size 0 KB
2024/07/11 14:09:27| Processing: delay_pools 1
2024/07/11 14:09:27| Processing: delay_class 1 2
2024/07/11 14:09:27| Processing: delay_parameters 1 -1/-1 -1/-1
2024/07/11 14:09:27| Processing: delay_initial_bucket_level 100
2024/07/11 14:09:27| Processing: delay_access 1 allow allsrc
2024/07/11 14:09:27| Processing: deny_info TCP_RESET allsrc
2024/07/11 14:09:27| Processing: url_rewrite_program /usr/local/bin/squidGuard -c /usr/local/etc/squidGuard/squidGuard.conf
2024/07/11 14:09:27| Processing: url_rewrite_bypass off
2024/07/11 14:09:27| Processing: url_rewrite_children 32 startup=8 idle=4 concurrency=0
2024/07/11 14:09:27| Processing: <b>http_access</b> deny banned_hosts
2024/07/11 14:09:27| Processing: <b>http_access</b> allow whitelist
2024/07/11 14:09:27| Processing: <b>http_access</b> deny blacklist
2024/07/11 14:09:27| Processing: request_header_access X-GoogApps-Allowed-Domains deny all
2024/07/11 14:09:27| Processing: request_header_add X-GoogApps-Allowed-Domains consumer_accounts
2024/07/11 14:09:27| Processing: acl youtubedst dstdomain -n www.youtube.com m.youtube.com youtubei.googleapis.com youtube.googleapis.com www.youtube-nocookie.com
2024/07/11 14:09:27| Processing: request_header_access YouTube-Restrict deny all
2024/07/11 14:09:27| Processing: request_header_add YouTube-Restrict none youtubedst
2024/07/11 14:09:27| Processing: acl sglog url_regex -i sgr=ACCESSDENIED
2024/07/11 14:09:27| Processing: <b>http_access</b> deny sglog
2024/07/11 14:09:27| Processing: <b>http_access</b> deny !safeports
2024/07/11 14:09:27| Processing: <b>http_access</b> deny CONNECT !sslports
2024/07/11 14:09:27| Processing: <b>http_access</b> allow localhost manager
2024/07/11 14:09:27| Processing: <b>http_access</b> deny manager
2024/07/11 14:09:27| Processing: cachemgr_passwd disable offline_toggle reconfigure shutdown
2024/07/11 14:09:27| Processing: cachemgr_passwd redacted all
2024/07/11 14:09:27| Processing: eui_lookup on
2024/07/11 14:09:27| Processing: acl no_miss url_regex -i gateway\.facebook\.com\/ws\/realtime\?
2024/07/11 14:09:27| Processing: acl no_miss url_regex -i web-chat-e2ee\.facebook\.com\/ws\/chat
2024/07/11 14:09:27| Processing: acl CONNECT method CONNECT
2024/07/11 14:09:27| Processing: acl wuCONNECT dstdomain www.update.microsoft.com
2024/07/11 14:09:27| Processing: acl wuCONNECT dstdomain sls.microsoft.com
2024/07/11 14:09:27| Processing:<b> http_access </b>allow CONNECT wuCONNECT localnet
2024/07/11 14:09:27| Processing: <b>http_access</b> allow CONNECT wuCONNECT localhost
2024/07/11 14:09:27| Processing: <b>http_access</b> allow windowsupdate localnet
2024/07/11 14:09:27| Processing: <b>http_access</b> allow windowsupdate localhost
2024/07/11 14:09:27| Processing: <b>http_access</b> allow HttpAccess localnet
2024/07/11 14:09:27| Processing: <b>http_access</b> allow HttpAccess localhost
2024/07/11 14:09:27| Processing: <b>http_access</b> deny manager
2024/07/11 14:09:27| Processing: <b>http_access</b> deny to_ipv6
2024/07/11 14:09:27| Processing: <b>http_access</b> deny from_ipv6
2024/07/11 14:09:27| Processing: acl BrokenButTrustedServers dstdomain "/usr/local/pkg/dstdom.broken"
2024/07/11 14:09:27| Processing: acl DomainMismatch ssl_error SQUID_X509_V_ERR_DOMAIN_MISMATCH
2024/07/11 14:09:27| Processing: sslproxy_cert_error allow BrokenButTrustedServers DomainMismatch
2024/07/11 14:09:27| Processing: sslproxy_cert_error deny all
2024/07/11 14:09:27| Processing: acl splice_only src 192.168.1.8 #Tasha iPhone
2024/07/11 14:09:27| Processing: acl splice_only src 192.168.1.10 #Jon iPhone
2024/07/11 14:09:27| Processing: acl splice_only src 192.168.1.11 #Amazon Fire
2024/07/11 14:09:27| Processing: acl splice_only src 192.168.1.15 #Tasha HP
2024/07/11 14:09:27| Processing: acl splice_only src 192.168.1.16 #iPad
2024/07/11 14:09:27| Processing: acl splice_only_mac arp 
2024/07/11 14:09:27| Processing: acl splice_only_mac arp 
2024/07/11 14:09:27| Processing: acl splice_only_mac arp 
2024/07/11 14:09:27| Processing: acl splice_only_mac arp 
2024/07/11 14:09:27| Processing: acl splice_only_mac arp 
2024/07/11 14:09:27| Processing: acl NoSSLIntercept ssl::server_name_regex -i "/usr/local/pkg/reg.url.nobump"
2024/07/11 14:09:27| Processing: acl NoBumpDNS dstdomain "/usr/local/pkg/dns.nobump"
2024/07/11 14:09:27| Processing: acl markBumped annotate_client bumped=true
2024/07/11 14:09:27| Processing: acl active_use annotate_client active=true
2024/07/11 14:09:27| Processing: acl bump_only src 192.168.1.3 #webtv
2024/07/11 14:09:27| Processing: acl bump_only src 192.168.1.4 #toshiba
2024/07/11 14:09:27| Processing: acl bump_only src 192.168.1.5 #imac
2024/07/11 14:09:27| Processing: acl bump_only src 192.168.1.9 #macbook
2024/07/11 14:09:27| Processing: acl bump_only src 192.168.1.13 #dell
2024/07/11 14:09:27| Processing: acl bump_only_mac arp 
2024/07/11 14:09:27| Processing: acl bump_only_mac arp 
2024/07/11 14:09:27| Processing: acl bump_only_mac arp 
2024/07/11 14:09:27| Processing: acl bump_only_mac arp 
2024/07/11 14:09:27| Processing: acl bump_only_mac arp 
2024/07/11 14:09:27| Processing: sslproxy_cert_sign signTrusted bump_only_mac
2024/07/11 14:09:27| Processing: ssl_bump peek step1
2024/07/11 14:09:27| Processing: miss_access deny no_miss active_use
2024/07/11 14:09:27| Processing: ssl_bump splice https_login active_use
2024/07/11 14:09:27| Processing: ssl_bump splice splice_only_mac splice_only active_use
2024/07/11 14:09:27| Processing: ssl_bump splice NoBumpDNS active_use
2024/07/11 14:09:27| Processing: ssl_bump splice NoSSLIntercept active_use
2024/07/11 14:09:27| Processing: ssl_bump bump bump_only_mac bump_only active_use
2024/07/11 14:09:27| Processing: acl activated note active_use true
2024/07/11 14:09:27| Processing: ssl_bump terminate !activated
2024/07/11 14:09:27| Processing: shutdown_lifetime 1 seconds
2024/07/11 14:09:27| Processing: negative_dns_ttl 5 minutes
2024/07/11 14:09:27| Processing: <b>http_access</b> allow localnet
2024/07/11 14:09:27| Processing: <b>http_access</b> deny allsrc
2024/07/11 14:09:27| WARNING: use of 'override-expire' in 'refresh_pattern' violates HTTP
2024/07/11 14:09:27| WARNING: use of 'override-lastmod' in 'refresh_pattern' violates HTTP
2024/07/11 14:09:27| WARNING: use of 'reload-into-ims' in 'refresh_pattern' violates HTTP
2024/07/11 14:09:27| WARNING: use of 'ignore-reload' in 'refresh_pattern' violates HTTP
2024/07/11 14:09:27| WARNING: use of 'ignore-no-store' in 'refresh_pattern' violates HTTP
2024/07/11 14:09:27| WARNING: use of 'ignore-private' in 'refresh_pattern' violates HTTP
2024/07/11 14:09:27| WARNING: HTTP requires the use of Via
2024/07/11 14:09:27| Requiring client certificates.
2024/07/11 14:09:28| Loaded signing certificate: /CN=internal-ca/C=US/ST=California/L=Roseville/O=Homeuse
2024/07/11 14:09:29| Not requiring any client certificates
2024/07/11 14:09:29| Loaded signing certificate: /CN=internal-ca/C=US/ST=California/L=Roseville/O=Homeuse
2024/07/11 14:09:30| Not requiring any client certificates
2024/07/11 14:09:30| Loaded signing certificate: /CN=internal-ca/C=US/ST=California/L=Roseville/O=Homeuse
2024/07/11 14:09:30| Not requiring any client certificates</pre></div><div><br><blockquote type="cite"><div>On Jul 11, 2024, at 13:16, Amos Jeffries &lt;squid3@treenet.co.nz&gt; wrote:</div><br class="Apple-interchange-newline"><div><div><br>Let's see ...<br><br>>>> On Jul 11, 2024, at 11:02, Jonathan Lee wrote:<br>>>>     Shell Output - squidclient -h 127.0.0.1 -v -U admin -W redacted<br>>>>     mgr:info<br>>>><br>>>> Request:<br>>>> GET http://127.0.0.1:3128/squid-internal-mgr/info HTTP/1.0<br>>>> Host: 127.0.0.1:3128<br>>>> User-Agent: squidclient/6.6<br>>>> Accept: */*<br>>>> Authorization: Basic YWRtaW4..REDACTED..Q==<br>>>> Connection: close<br><br><br>On 12/07/24 06:12, Jonathan Lee wrote:<br><blockquote type="cite">http_access allow CONNECT wuCONNECT localnet<br>http_access allow CONNECT wuCONNECT localhost<br></blockquote><br><br> ... GET is not CONNECT. Skip the above.<br><br><br><blockquote type="cite">http_access allow windowsupdate localnet<br>http_access allow windowsupdate localhost<br></blockquote><br><br> ... 127.0.0.1 is not in *.microsoft.com. Skip the above.<br><br><br><blockquote type="cite">http_access allow HttpAccess localnet<br>http_access allow HttpAccess localhost<br></blockquote><br><br> ... 127.0.0.1 is not listed in /usr/local/pkg/http.access. Skip the above.<br><br><br><blockquote type="cite">http_access deny manager<br></blockquote><br><br> ... /squid-internal-mgr/ matches.
DENY the request.<br><br><br>Problem solved.<br><br>What you should do is restore the default security settings which we ship with Squid.<br><br>Place these above your custom http_access lines:<br><br>  http_access deny !Safe_ports<br>  http_access deny CONNECT !SSL_ports<br>  http_access allow localhost manager<br>  http_access deny manager<br><br><br>see &lt;https://wiki.squid-cache.org/Releases/Squid-5&gt; for the ACL details if you need them too.<br><br><br><br>Amos<br>_______________________________________________<br>squid-users mailing list<br>squid-users@lists.squid-cache.org<br>https://lists.squid-cache.org/listinfo/squid-users<br></div></div></blockquote></div><br></div></div></div></body></html>
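The rule-by-rule walk-through in the quoted reply, as an added example that is not part of either message and is not Squid's own code: a simplified first-match model of `http_access`, run over only the lines quoted in the reply and then with the four recommended lines placed above them. Assumptions: the contents of the `windowsupdate` and `HttpAccess` ACL files are not on the page, so stand-in values are used; `Safe_ports` and `SSL_ports` reuse the `safeports` and `sslports` port lists from the parse output; the manager request arrives from 127.0.0.1.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Request:
    method: str
    src: str    # client address as the proxy sees it
    host: str   # destination host taken from the request URL
    port: int
    path: str


def src_in(addr, *cidrs):
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(c) for c in cidrs)


def dstdomain(host, patterns):
    # A leading dot matches the domain itself and any subdomain.
    return any((host == p[1:] or host.endswith(p)) if p.startswith(".")
               else host == p for p in patterns)


SAFE = {21, 70, 80, 210, 280, 443, 488, 563, 591, 631, 777, 901, 8080, 3128, 3129}
SSL = {443, 563, 8080, 5223, 2197}

ACLS = {
    "CONNECT": lambda r: r.method == "CONNECT",
    "wuCONNECT": lambda r: dstdomain(r.host, ["www.update.microsoft.com",
                                              "sls.microsoft.com"]),
    # Assumption: stand-in for /usr/local/pkg/windowsupdate (not on the page).
    "windowsupdate": lambda r: dstdomain(r.host, [".microsoft.com"]),
    # Assumption: constructed stand-in for /usr/local/pkg/http.access.
    "HttpAccess": lambda r: dstdomain(r.host, ["allowed.example"]),
    "localnet": lambda r: src_in(r.src, "192.168.1.0/27"),
    "localhost": lambda r: src_in(r.src, "127.0.0.1/32", "::1/128"),
    "manager": lambda r: "/squid-internal-mgr/" in r.path,
    "Safe_ports": lambda r: r.port in SAFE or 1025 <= r.port <= 65535,
    "SSL_ports": lambda r: r.port in SSL,
}


def evaluate(rules, req):
    """Return (action, matching line). A line matches only when every ACL on
    it matches (AND); the first matching line decides and the rest are
    never consulted."""
    last = None
    for line in rules:
        _directive, action, *terms = line.split()
        last = action
        if all(ACLS[t.lstrip("!")](req) != t.startswith("!") for t in terms):
            return action, line
    # No line matched: the result is the opposite of the last line's action.
    return ("allow" if last == "deny" else "deny"), "(no match)"


# The lines quoted in the reply, in the order they were posted.
POSTED = [
    "http_access allow CONNECT wuCONNECT localnet",
    "http_access allow CONNECT wuCONNECT localhost",
    "http_access allow windowsupdate localnet",
    "http_access allow windowsupdate localhost",
    "http_access allow HttpAccess localnet",
    "http_access allow HttpAccess localhost",
    "http_access deny manager",
]
# The four lines the reply says to place above the custom http_access lines.
RECOMMENDED = [
    "http_access deny !Safe_ports",
    "http_access deny CONNECT !SSL_ports",
    "http_access allow localhost manager",
    "http_access deny manager",
] + POSTED

# Constructed requests: the mgr:info fetch from the page, and the same fetch
# as it would look coming from a LAN client.
MGR_LOCAL = Request("GET", "127.0.0.1", "127.0.0.1", 3128, "/squid-internal-mgr/info")
MGR_LAN = Request("GET", "192.168.1.5", "192.168.1.1", 3128, "/squid-internal-mgr/info")

if __name__ == "__main__":
    for name, rules in (("posted", POSTED), ("recommended", RECOMMENDED)):
        for label, req in (("localhost", MGR_LOCAL), ("lan", MGR_LAN)):
            print(name, label, evaluate(rules, req))
```

This models only the quoted fragment; the full squid.conf in the parse output has more `http_access` lines before and after it, and Squid evaluates all of them in file order.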