Re: SSL with Squid 2.2 Stable 5 with FreeBSD 3.4 - RELEASE

Hello,

I used to have SSL problem but I can solved it by adding these
configurations in my squid.conf

###
acl SSL_access url_regex ^https:// ^:443 ^:563 https:// :443 :563
always_direct allow SSL_access
cache_peer parent.proxy parent 3128 3130
cache_peer_access parent.proxy deny SSL_access
###

As far as I know, these make squid's always go direct to the origin site
when trying to connect to SSL ports and to make sure that the SSL site will
not requested from parent proxy.

Below is the log result from squid's log when I trying to reach :
https://www.bankbii.com
947954097.060 52355 x.x.x.x TCP_MISS/000 0 GET http://www.bankbii.com:443/
- DIRECT/www.bankbii.com -
947954113.096 9677 x.x.x.x TCP_MISS/000 4697 CONNECT www.bankbii.com:443
- DIRECT/www.bankbii.com -

Ok, hope it can be useful.

|assa|

At 10:54 1/15/00 -0500, you wrote:
> I recently installed squid and i'm having some trouble getting ssl to work.
>I've looked at the FAQ and tried that 3 line config to enable the new
>options for SSL in 2.x series and nothing happens. FUnny thing is I can
>access one 128-Bit ie (www.pcbanking.cibc.com) and not another
>(www.ingdirect.ca) are they running something different that I don't knoiw
>about? I've also checked the logs and they seem to be fine (nothing out of
>the ordinary ) this is my config file right now..
>
>http_port 3128
>cache_dir /usr/local/squid/cache 100 16 256
>cache_access_log /usr/local/squid/logs/access.log
>cache_store_log /usr/local/squid/logs/store.log
>acl all src 0.0.0.0/0.0.0.0
>acl manager proto cache_object
>acl localhost src 127.0.0.1/255.255.255.255
>acl SSL_ports port 443 563
>acl Safe_ports port 80 21 443 563 70 210 1025-65535
>acl CONNECT method CONNECT
>http_access allow manager localhost
>http_access deny manager
>http_access allow !Safe_ports
>http_access allow CONNECT !SSL_ports
>acl inside src 192.168.0.0/255.255.255.0
>acl all src 0.0.0.0/0.0.0.0
>http_access allow inside
>http_access deny all
>icp_access allow all
>miss_access allow all
>cache_effective_user nobody
>cache_effective_group nobody
>
>-----Original Message-----
>From: Duane Wessels [mailto:wessels@ircache.net]
>Sent: Wednesday, January 05, 2000 1:20 PM
>To: Anthony Hinsinger
>Cc: squid-users@ircache.net
>Subject: Re: squid very slow
>
>
>
>
>On Wed, 5 Jan 2000, Anthony Hinsinger wrote:
>
>> Hello, and happy new year
>>
>> I've some problem with squid (2.2STABLE5 on a redhat 6.0 kernel 2.2.13)
>>
>> After some hours of running, cache request are very very very slow
>> i must restart it and it run correctly for some hours
>>
>>
>> my system:
>> Ppro 200 + 128Mo EDO + Adaptec 2940 Ultra 2 SCSI controller
>> 1 x 4.3Go IDE for system
>> 1 x 9Go SCSI for cache hierarchy
>> 1 x 35Go SCSI for cache hierarchy
>>
>> Any ideas ?
>> what is the user number limitation for this type of configuration ?
>
>Check the FAQ, question #11.17:
>
>http://www.squid-cache.org/Doc/FAQ/FAQ-11.html#ss11.17
>
>Duane W.
>

Best Regards,

| Nielson Assa |
E : assa@manado.wasantara.net.id
H : http://assa.wasantara.com/
P : +62.431.850822. Ext. 1.
Received on Sat Jan 15 2000 - 09:59:28 MST