Doe's any one here skills with squid3 transparent proxy configuration ? I just stuck with configuration on dead point
I attach my squid.conf and error line.
Squid.conf
Code: Select all
http_port 3128 intercept
http_port 3129 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid3/squid.crt key=/etc/squid3/squid.key
#always_direct allow all
ssl_bump none localhost
ssl_bump server-first all
#sslproxy_cert_error allow all
sslproxy_flags DONT_VERIFY_PEER
#acl localhost src 127.0.0.1/32 # Localhost
acl proxy_net src 10.10.10.0/28 # Proxy vlan on eth1.2
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 1025-65535 # unregistered ports
acl CONNECT method CONNECT
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager
#####################################################################
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS !!!#
#####################################################################
# Privacy settings tell nozhing about browser and os
forwarded_for off
via off
follow_x_forwarded_for deny all
request_header_access From deny all
request_header_access Referer deny all
request_header_access User-Agent deny all
## squidGuard url filter
url_rewrite_program /usr/bin/squidGuard
acl block_url dstdomain "/etc/squid3/BlockDomains.acl"
http_access deny block_url
http_access allow proxy_net
http_access allow localhost
http_access deny all
# Cache folder on disk 4 GB
cache_dir ufs /var/spool/squid_cache 4096 16 256
# Maxim objects in cache eg. linux dvd
maximum_object_size 2048 MB
# Interent speed shaping 3Mb
delay_pools 1
delay_class 1 1
delay_access 1 allow all
delay_parameters 1 380000/384000 # 512 kbits == 64 kbytes per second
# Refresh pattern's
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
refresh_pattern -i \.(gif|png|jpg|jpeg|ico)$ 3600 90% 43200
refresh_pattern -i \.(iso|avi|wav|mp3|mp4|mpeg|swf|flv|x-flv)$ 43200 90% 432000 override-expire ignore-no-cache ignore-no-store ignore-private
refresh_pattern -i \.(deb|rpm|exe|zip|tar|tgz|ram|rar|bin|ppt|doc|tiff)$ 10080 90% 43200 override-expire ignore-no-cache ignore-no-store ignore-private
refresh_pattern -i \.index.(html|htm)$ 0 40% 10080
refresh_pattern -i \.(html|htm|css|js)$ 1440 40% 40320
refresh_pattern . 0 40% 40320
# Maximum memory usage
cache_mem 128 MB
# Manager of cache on debian
cache_mgr filip.maroul@mesa-parts.cz
visible_hostname ItHelp_Proxy
# logging
logformat squid %tl %6tr %>a %Ss/%03Hs %<st %rm %ru %un %Sh/%<A %mt
cache_effective_user proxy
cache_effective_group proxy
Code: Select all
Bungled /etc/squid3/squid.conf line 2: http_port 3129 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid3/squid.crt key=/etc/squid3/squid.key