RE: [squid-users] Squid & SSL on Windows

From: Patrick Jones <[email protected]>
Date: Tue, 28 Mar 2006 10:48:02 -0500

Thanks for the fast reply.

I have Squid 2.5-STABLE13-NT running on a Windows 2003 server. I would post
browser error messages, but I do not get any; the browser just sits there
(Firefox 1.5 and IE 6)... There is nothing in the access log regarding
https requests. It only shows http.

This is what was in the cache.log:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
2006/03/28 10:35:49| Starting Squid Cache version 2.5.STABLE13-NT for i686-pc-winnt...
2006/03/28 10:35:49| Running as SquidNT Windows System Service on Windows Server 2003
2006/03/28 10:35:49| Service command line is:
2006/03/28 10:35:49| Process ID 484
2006/03/28 10:35:49| With 2048 file descriptors available
2006/03/28 10:35:49| With 2048 CRT stdio descriptors available
2006/03/28 10:35:49| Windows sockets initialized
2006/03/28 10:35:49| Performing DNS Tests...
2006/03/28 10:35:49| Successful DNS name lookup tests...
2006/03/28 10:35:49| DNS Socket created at 0.0.0.0, port 2527, FD 5
2006/03/28 10:35:49| Adding nameserver xxx.xxx.xxx.xxx from squid.conf
2006/03/28 10:35:49| Adding nameserver xxx.xxx.xxx.xxx from squid.conf
2006/03/28 10:35:49| User-Agent logging is disabled.
2006/03/28 10:35:49| Referer logging is disabled.
2006/03/28 10:35:49| Unlinkd pipe opened on FD 8
2006/03/28 10:35:49| Swap maxSize 102400 KB, estimated 7876 objects
2006/03/28 10:35:49| Target number of buckets: 393
2006/03/28 10:35:49| Using 8192 Store buckets
2006/03/28 10:35:49| Max Mem size: 8192 KB
2006/03/28 10:35:49| Max Swap size: 102400 KB
2006/03/28 10:35:49| Local cache digest enabled; rebuild/rewrite every 3600/3600 sec
2006/03/28 10:35:49| Rebuilding storage in c:/squid/var/cache (CLEAN)
2006/03/28 10:35:49| Using Least Load store dir selection
2006/03/28 10:35:49| Set Current Directory to c:/squid/var/cache
2006/03/28 10:35:49| Loaded Icons.
2006/03/28 10:35:49| Accepting HTTP connections at 0.0.0.0, port 3128, FD 14.
2006/03/28 10:35:49| Accepting ICP messages at 0.0.0.0, port 3130, FD 15.
2006/03/28 10:35:49| Accepting HTCP messages on port 4827, FD 16.
2006/03/28 10:35:49| Accepting SNMP messages on port 3401, FD 17.
2006/03/28 10:35:49| Ready to serve requests.
2006/03/28 10:35:50| Done reading c:/squid/var/cache swaplog (752 entries)
2006/03/28 10:35:50| Finished rebuilding storage from disk.
2006/03/28 10:35:50| 752 Entries scanned
2006/03/28 10:35:50| 0 Invalid entries.
2006/03/28 10:35:50| 0 With invalid flags.
2006/03/28 10:35:50| 752 Objects loaded.
2006/03/28 10:35:50| 0 Objects expired.
2006/03/28 10:35:50| 0 Objects cancelled.
2006/03/28 10:35:50| 0 Duplicate URLs purged.
2006/03/28 10:35:50| 0 Swapfile clashes avoided.
2006/03/28 10:35:50| Took 0.3 seconds (2676.2 objects/sec).
2006/03/28 10:35:50| Beginning Validation Procedure
2006/03/28 10:35:50| Completed Validation Procedure
2006/03/28 10:35:50| Validated 752 Entries
2006/03/28 10:35:50| store_swap_size = 6832k
2006/03/28 10:35:50| storeLateRelease: released 0 objects

This is the relevant info from my conf file:
http_port 3128
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
dns_nameservers xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl pc src xxx.xxx.xxx.xxx
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow blackrock
http_access deny all
http_reply_access allow all
icp_access allow all
visible_hostname sub.domain.tld
header_replace Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US;rv:1.7) Gecko/20040707 Firefox/0.9.2
coredump_dir c:/squid/var/cache

Everything seems correct... Thanks.

~PJ

-----Original Message-----
From: Mark Elsen [mailto:mark.elsen@gmail.com]
Sent: Tuesday, March 28, 2006 10:28 AM
To: Patrick Jones
Cc: squid-users@squid-cache.org
Subject: Re: [squid-users] Squid & SSL on Windows

> What options do I have to allow https traffic through Squid running
> on a Windows 2003 box?

  - Please clarify; standard SSL sites will work fine through Windows-SQUID.
If it doesn't work for you, then:

   - post browser error message(s)
   - relevant entries from access.log
   - additional info from cache.log (if any).

>
> Is this something that I can build? Can I build squid with ssl support
> in cygwin? Or is the only option at this point in time to use
> unix/linux as OS to run Squid?
>

 M.
Received on Tue Mar 28 2006 - 08:48:07 MST
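
An added example, not part of the original thread and not Squid's own code: a small lint that checks every ACL name used in an allow/deny rule against the `acl` lines that precede it, run over access-control lines copied from the configuration posted above. The function name `lint_acls` and the rule for recognising access directives are assumptions made for this sketch.

```python
# Added example (not from the thread): lint squid.conf ACL references.
# SAMPLE_CONF repeats access-control lines from the configuration posted above.
SAMPLE_CONF = r"""acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl pc src xxx.xxx.xxx.xxx
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 443 563 # https, snews
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow blackrock
http_access deny all
http_reply_access allow all
icp_access allow all
"""

def lint_acls(conf_text):
    """Return (undefined, unused).

    undefined: (line_no, directive, name) for each ACL named in an allow/deny
               rule with no earlier `acl` line of that name.
    unused:    sorted ACL names that are defined but never referenced.
    """
    defined, used, undefined = set(), set(), []
    for line_no, raw in enumerate(conf_text.splitlines(), 1):
        tokens = raw.split("#", 1)[0].split()   # drop trailing comments
        if len(tokens) < 2:
            continue
        if tokens[0] == "acl":
            defined.add(tokens[1])
        elif tokens[1] in ("allow", "deny"):
            # Assumption: any directive whose first argument is allow/deny
            # takes a list of ACL names, optionally negated with '!'.
            for name in (t.lstrip("!") for t in tokens[2:]):
                used.add(name)
                if name not in defined:
                    undefined.append((line_no, tokens[0], name))
    return undefined, sorted(defined - used)

if __name__ == "__main__":
    undefined, unused = lint_acls(SAMPLE_CONF)
    for line_no, directive, name in undefined:
        print(f"line {line_no}: {directive} references undefined ACL {name!r}")
    print("defined but never used:", ", ".join(unused) or "none")
```

Line numbers in the output count from the first line of the sample, not from the full squid.conf.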
