[squid-users] never_direct allow all causing 'ERROR 500: Internal Server Error'
Lei Wen
leiwen14 at gmail.com
Wed Aug 2 19:49:59 UTC 2017
Hi,
I am setting up the transparent HTTP/HTTPS proxy cluster with whiltelist
only, and stuck at having issue 'ERROR 500: Internal Server Error'. After
couple days tuning and digging, I narrow down the problem to directive
'never_direct'.
After removing this line, the error message is gone. But seems sibling
cache will only work for HTTP, HTTPS will not go to sibling.
Here is my squid.conf snapshot.
http_port 3130
http_port 3128 intercept
acl allowed_http_sites dstdomain "/etc/squid3/whitelist.txt"
http_access allow allowed_http_sites
https_port 3129 cert=/etc/squid3/squid.crt key=/etc/squid3/squid.key
ssl-bump intercept generate-host-certificates=on
dynamic_cert_mem_cache_size=4MB
acl SSL_port port 443
http_access allow SSL_port
acl allowed_https_sites ssl::server_name "/etc/squid3/ssl_sites.txt"
http_access deny all
sslcrtd_program /lib/squid3/ssl_crtd -s /var/lib/ssl_db -M 4MB
acl step1 at_step SslBump1
acl step2 at_step SslBump2
acl step3 at_step SslBump3
ssl_bump peek step1
ssl_bump stare step2 allowed_https_sites
ssl_bump bump step3
ssl_bump terminate step2 all
acl container_net src 172.18.0.0/24
tcp_outgoing_address 10.0.8.41 container_net
udp_outgoing_address 10.0.8.41 container_net
http_access allow container_net
cache_peer 10.0.8.48 sibling 3130 3131 ssl sslcafile=/etc/ca.pem
sslflags=NO_DEFAULT_CA ssloptions=NO_SSLv3
icp_port 3131
icp_access allow all
never_direct allow all
# Uncomment and adjust the following to add a disk cache directory.
hosts_file /etc/hosts
cache_replacement_policy heap LFUDA
cache_dir aufs /var/spool/squid3 40000 16 256
maximum_object_size 32 MB
log_icp_queries off
# Leave coredumps in the first cache dir
coredump_dir /var/spool/squid3
Thanks,
Lei
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20170802/ecaa3f9e/attachment.html>
More information about the squid-users
mailing list