Squid3.5

Posted 11-26-2019 at 06:23 PM by ted_chou12

Code:
sudo apt-get install build-essential sharutils ccze libzip-dev libssl-dev
sudo apt-get install devscripts build-essential fakeroot
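sudo apt-get install libssl-dev libcrypto++-dev libssl1.0-dev
# "apt source" needs deb-src entries enabled in the APT sources
sudo apt source squid3
cd squid3-3.5.xxx
vi debian/rules
# add these lines to the configure options
# (Squid 3.5 selects OpenSSL support with --with-openssl)
# --enable-ssl \
# --enable-ssl-crtd \
# --with-openssl \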
./configure
fakeroot debian/rules binary
make
make install

Comments

  1. Old Comment

    squid.conf

    Code:
    acl CONNECT method CONNECT
    http_access deny !Safe_ports
    http_access deny CONNECT !SSL_ports
    http_access allow all
    #dns_v4_first on
    #http_access allow purge localhost
    #http_access deny purge
    #
    # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
    #
    always_direct allow all
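    #ssl_bump client-first all
    # The next two directives turn off validation of origin server certificates
    sslproxy_cert_error allow all
    sslproxy_flags DONT_VERIFY_PEER
    # sslcrtd_program and sslcrtd_children are separate directives, one per line
    sslcrtd_program /usr/local/squid/libexec/ssl_crtd -s /usr/local/squid/var/lib/ssl_db -M 4MB
    sslcrtd_children 8 startup=1 idle=1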
    #sslproxy_cipher HIGH:MEDIUM:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS
    acl step1 at_step SslBump1
    ssl_bump peek step1
    ssl_bump bump all
    #ssl_bump bump monitoredSites !serverIsBank
    #ssl_bump terminate blocked_https
    #ssl_bump splice all
    #http_access allow localnet
    #http_access allow localhost
    request_header_add X-GoogApps-Allowed-Domains "hennge.com" all
    #request_header_add Test "Value" all
    coredump_dir /var/spool/squid
    Have some troubles with this ver of conf
    Posted 11-26-2019 at 06:25 PM by ted_chou12
  2. Old Comment
    Squid Windows
    Code:
    #
    # Recommended minimum configuration:
    #
    
    # Example rule allowing access from your local networks.
    # Adapt to list your (internal) IP networks from where browsing
    # should be allowed
    
    acl localnet src 10.0.0.0/8	# RFC1918 possible internal network
    acl localnet src 172.16.0.0/12	# RFC1918 possible internal network
    acl localnet src 192.168.0.0/16	# RFC1918 possible internal network
    acl localnet src fc00::/7       # RFC 4193 local private network range
    acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines
    
    acl SSL_ports port 443
    acl Safe_ports port 80		# http
    acl Safe_ports port 21		# ftp
    acl Safe_ports port 443		# https
    acl Safe_ports port 70		# gopher
    acl Safe_ports port 210		# wais
    acl Safe_ports port 1025-65535	# unregistered ports
    acl Safe_ports port 280		# http-mgmt
    acl Safe_ports port 488		# gss-http
    acl Safe_ports port 591		# filemaker
    acl Safe_ports port 777		# multiling http
    acl CONNECT method CONNECT
    
    #
    # Recommended minimum Access Permission configuration:
    #
    
    # Only allow cachemgr access from localhost
    http_access allow localhost manager
    http_access deny manager
    
    # Deny requests to certain unsafe ports
    http_access deny !Safe_ports
    
    # Deny CONNECT to other than secure SSL ports
    http_access deny CONNECT !SSL_ports
    
    # We strongly recommend the following be uncommented to protect innocent
    # web applications running on the proxy server who think the only
    # one who can access services on "localhost" is a local user
    #http_access deny to_localhost
    
    #
    # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
    #
    
    # Example rule allowing access from your local networks.
    # Adapt localnet in the ACL section to list your (internal) IP networks
    # from where browsing should be allowed
    http_access allow localnet
    http_access allow localhost
    
    always_direct allow all
    ssl_bump server-first all
    sslproxy_cert_error deny all
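    # DONT_VERIFY_PEER turns off validation of origin server certificates
    sslproxy_flags DONT_VERIFY_PEER
    # sslcrtd_program and sslcrtd_children are separate directives, one per line
    sslcrtd_program /lib/squid/ssl_crtd -s /usr/share/squid/ssl_db -M 4MB
    sslcrtd_children 8 startup=1 idle=1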
    
    acl step1 at_step SslBump1
    
    ssl_bump peek step1
    ssl_bump bump all
    
    # And finally deny all other access to this proxy
    http_access deny all
    
    # Squid normally listens to port 3128
    http_port 3128
    http_port 3129 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB key=/etc/squid/ssl_cert/google.com.private cert=/etc/squid/ssl_cert/google.com.cert
    
    # Uncomment the line below to enable disk caching - path format is /cygdrive/<full path to cache folder>, i.e.
    #cache_dir aufs /cygdrive/d/squid/cache 3000 16 256
    
    # Leave coredumps in the first cache dir
    coredump_dir /var/cache/squid
    
    # Add any of your own refresh_pattern entries above these.
    refresh_pattern ^ftp:		1440	20%	10080
    refresh_pattern ^gopher:	1440	0%	1440
    refresh_pattern -i (/cgi-bin/|\?) 0	0%	0
    refresh_pattern .		0	20%	4320
    
    request_header_add X-GoogApps-Allowed-Domains "hennge.com"  all
    
    dns_nameservers 8.8.8.8 208.67.222.222
    
    max_filedescriptors 3200
    Need to initialize the SSL DB:
    Posted 11-27-2019 at 08:17 AM by ted_chou12
  3. Old Comment
    Squid Windows
    Quote:
    2019/11/27 23:20:28 kid1| WARNING: no_suid: setuid(0): (22) Invalid argument
    (ssl_crtd): Uninitialized SSL certificate database directory: /usr/share/squid/ssl_db. To initialize, run "ssl_crtd -c -s /usr/share/squid/ssl_db".
    Code:
    C:\Squid\lib\squid\ssl_crtd -c -s C:\Squid\usr\share\squid\ssl_db
    Posted 11-27-2019 at 08:22 AM by ted_chou12
    Updated 11-28-2019 at 10:08 AM by ted_chou12
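
An added example (not part of the original post and not Squid's own tooling): a small Python check that reads squid.conf text and reports the SSL-bump settings that weaken the proxy, namely disabled origin certificate verification, an open `http_access allow all`, and a directive run onto another directive's line. The function name `audit`, the set of directive names it knows, and the sample input are assumptions made for the illustration.

```python
# Added example: lint squid.conf text for risky SSL-bump settings.
# Directive names that must start their own line (illustrative subset).
KNOWN = {"sslcrtd_program", "sslcrtd_children", "sslproxy_flags",
         "sslproxy_cert_error", "ssl_bump", "http_access", "http_port"}


def audit(conf_text):
    """Return [(line_no, finding), ...] for the text of a squid.conf."""
    findings = []
    for no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        name, *args = line.split()
        # A directive name among the arguments means two lines were merged.
        for tok in args:
            if tok in KNOWN:
                findings.append((no, f"'{tok}' is run onto the {name} line; "
                                     "give it a line of its own"))
        if name == "sslproxy_flags" and any("DONT_VERIFY_PEER" in a for a in args):
            findings.append((no, "origin server certificates are not verified"))
        if name == "sslproxy_cert_error" and args[:2] == ["allow", "all"]:
            findings.append((no, "every origin certificate error is accepted"))
        if name == "http_access" and args == ["allow", "all"]:
            findings.append((no, "any client may use the proxy"))
    return findings


# Constructed sample input, built from directives of the kind shown above.
SAMPLE = """\
http_access allow all
sslproxy_cert_error allow all
sslproxy_flags DONT_VERIFY_PEER
sslcrtd_program /usr/local/squid/libexec/ssl_crtd -s /usr/local/squid/var/lib/ssl_db -M 4MB sslcrtd_children 8 startup=1 idle=1
ssl_bump peek step1
ssl_bump bump all
"""

if __name__ == "__main__":
    for no, msg in audit(SAMPLE):
        print(f"line {no}: {msg}")
```

A configuration that restricts `http_access` to `localnet`, sets `sslproxy_cert_error deny all`, drops `DONT_VERIFY_PEER` and keeps `sslcrtd_children` on its own line produces no findings.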
 

  



All times are GMT -5. The time now is 09:28 AM.
