Squid3 intercept proxy

Post by corsairetc » 2017-04-25 09:05

Hello community,
Does anyone here have skills with squid3 transparent proxy configuration? I am just stuck with the configuration at a dead point :-)
I attach my squid.conf and the error line.

Squid.conf
Code:
http_port 3128 intercept
http_port 3129 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid3/squid.crt key=/etc/squid3/squid.key

#always_direct allow all
ssl_bump none localhost
ssl_bump server-first all
#sslproxy_cert_error allow all
sslproxy_flags DONT_VERIFY_PEER

#acl localhost src 127.0.0.1/32 # Localhost
acl proxy_net src 10.10.10.0/28  # Proxy vlan on eth1.2

acl SSL_ports port 443

acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl Safe_ports port 1025-65535  # unregistered ports

acl CONNECT method CONNECT

http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager

#####################################################################
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS !!!#
#####################################################################

# Privacy settings: tell nothing about browser and OS
forwarded_for off
via off
follow_x_forwarded_for deny all
request_header_access From deny all
request_header_access Referer deny all
request_header_access User-Agent deny all

## squidGuard url filter
url_rewrite_program /usr/bin/squidGuard

acl block_url dstdomain "/etc/squid3/BlockDomains.acl"

http_access deny block_url
http_access allow proxy_net
http_access allow localhost
http_access deny all

# Cache folder on disk 4 GB
cache_dir ufs /var/spool/squid_cache 4096 16 256

# Maximum object size in cache, e.g. a Linux DVD
maximum_object_size 2048 MB

# Internet speed shaping 3Mb
delay_pools 1
delay_class 1 1
delay_access 1 allow all
delay_parameters 1 380000/384000 # 512 kbits == 64 kbytes per second

# Refresh patterns

refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
refresh_pattern .               0       20%     4320
refresh_pattern -i \.(gif|png|jpg|jpeg|ico)$ 3600       90%     43200
refresh_pattern -i \.(iso|avi|wav|mp3|mp4|mpeg|swf|flv|x-flv)$ 43200 90% 432000 override-expire ignore-no-cache ignore-no-store ignore-private
refresh_pattern -i \.(deb|rpm|exe|zip|tar|tgz|ram|rar|bin|ppt|doc|tiff)$ 10080 90% 43200 override-expire ignore-no-cache ignore-no-store ignore-private
refresh_pattern -i \.index.(html|htm)$ 0 40% 10080
refresh_pattern -i \.(html|htm|css|js)$ 1440 40% 40320
refresh_pattern . 0 40% 40320

# Maximum memory usage
cache_mem 128 MB

# Manager of cache on debian
cache_mgr filip.maroul@mesa-parts.cz

visible_hostname ItHelp_Proxy

# logging
logformat squid %tl %6tr %>a %Ss/%03Hs %<st %rm %ru %un %Sh/%<A %mt
cache_effective_user proxy
cache_effective_group proxy


systemctl status:
Code:
Bungled /etc/squid3/squid.conf line 2: http_port 3129 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid3/squid.crt key=/etc/squid3/squid.key

Re: Squid3 intercept proxy

Post by levlaz » 2017-04-28 00:52

Do these two files exist and have the correct permissions? cert=/etc/squid3/squid.crt key=/etc/squid3/squid.key

Is there any additional information in the squid logs?
Best,

Lev
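
One way to run the file check asked about in the reply above, as an added example that is not part of the original thread: it reads the cert= and key= paths off the http_port lines and reports files that are missing, empty, or have a risky mode. The names `tls_file_options`, `check_tls_files` and `root` are hypothetical, and the policy that the key must not be accessible to group or others is an assumption.

```python
import os
import stat

# Constructed sample: the two http_port lines from the squid.conf posted above.
SAMPLE_CONF = """\
http_port 3128 intercept
http_port 3129 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid3/squid.crt key=/etc/squid3/squid.key
"""

def tls_file_options(conf_text):
    """Yield (lineno, option, path) for each cert=/key= on an http(s)_port line."""
    for lineno, line in enumerate(conf_text.splitlines(), 1):
        tokens = line.split("#", 1)[0].split()   # drop trailing comments
        if not tokens or tokens[0] not in ("http_port", "https_port"):
            continue
        for token in tokens[2:]:                  # options follow the port
            name, sep, value = token.partition("=")
            if sep and name in ("cert", "key"):
                yield lineno, name, value

def check_tls_files(conf_text, root="/"):
    """Return findings as (lineno, option, path, problem); empty list = all passed.

    root is a hypothetical parameter that lets the check run against a staging
    copy of the filesystem; the mode policy below is an assumption.
    """
    findings = []
    for lineno, name, path in tls_file_options(conf_text):
        try:
            st = os.stat(os.path.join(root, path.lstrip("/")))
        except OSError as exc:
            findings.append((lineno, name, path, "cannot stat: %s" % exc.strerror))
            continue
        mode = stat.S_IMODE(st.st_mode)
        if not stat.S_ISREG(st.st_mode):
            findings.append((lineno, name, path, "not a regular file"))
        elif st.st_size == 0:
            findings.append((lineno, name, path, "file is empty"))
        elif not mode & 0o400:
            findings.append((lineno, name, path, "owner cannot read (mode %04o)" % mode))
        elif name == "key" and mode & 0o077:
            findings.append((lineno, name, path, "key open to group/others (mode %04o)" % mode))
    return findings

if __name__ == "__main__":
    for finding in check_tls_files(SAMPLE_CONF):
        print("squid.conf line %d: %s=%s: %s" % finding)
```

Pass the real contents of /etc/squid3/squid.conf instead of the sample when running it on the proxy host. It does not test whether the `proxy` account named in `cache_effective_user` can read the files.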