Netgate Discussion Forum

    squid sites sometimes don't load completely help pls

    • M Offline
      makazo
      last edited by makazo

      Hello everyone, dear forum members.

      In splice all mode, some sites open and images do not load, and some sites get an ERR_SSL_PROTOCOL_ERROR error. I do not do anything on the system; the error is fixed after 1-2 minutes.

      I have a squid acl whitelist
      I have a dnsbl whitelist
      I have a squidguard whitelist

      These 5-10 websites I mentioned are still on my whitelist, it does not matter, I can experience problems momentarily.

      haberturk.JPG sahibinden.JPG

      after 1-2 min later

      haberturk--2.JPG

      After 1-2 minutes the website automatically recovers, this is done by Squid.
      Of course, I don't get this error all the time, for example, it occurs 3-4 times a day.

      • JonathanLeeJ Offline
        JonathanLee
        last edited by

        What is your memory pools set as?

        Make sure to upvote

          • M Offline
            makazo @JonathanLee
            last edited by

            @JonathanLee

            Hello, I don't quite understand what you mean? Did you mean this?

            memory.JPG

            • JonathanLeeJ Offline
              JonathanLee @makazo
              last edited by JonathanLee

              @makazo Set your memory back to 64MB. You're not caching, you're only using URL blocking; you could even disable caching completely, that would solve it also. Are you caching and accelerating? I do this; however, for URL blocking you do not need this to be enabled.

              Make sure to upvote

              • M Offline
                makazo @JonathanLee
                last edited by

                @JonathanLee OK, I set it to 64mb as you said. Do I need to disable cache in the local cache area?

                • JonathanLeeJ Offline
                  JonathanLee @makazo
                  last edited by

                  @makazo Yes, disable it. If you just need URL blocking, you can turn that off. It’s very complex to get running correctly.

                  Make sure to upvote

                  • M Offline
                    makazo @JonathanLee
                    last edited by

                    @JonathanLee OK, I will try it this way, if there is a solution, I will write it here, thank you, and I will inform you about the situation again.

                    • M Offline
                      makazo @JonathanLee
                      last edited by

                      @JonathanLee Hello, I did what you said, but the problem still persists.

                      • JonathanLeeJ Offline
                        JonathanLee @makazo
                        last edited by

                        @makazo are you using custom config? Or just set to splice all?

                        Make sure to upvote

                        • M Offline
                          makazo @JonathanLee
                          last edited by

                          @JonathanLee I use the splice all mode. When I use the custom mode, the phones on the network experience problems. If you have special configuration settings for custom mode, I can try them if you share them.

                          • JonathanLeeJ Offline
                            JonathanLee @makazo
                            last edited by

                            @makazo I have certificates installed on all of the devices I own, however it splices the devices I do not own and it works perfectly. What is it listening on? Loopback and interface ??

                            Make sure to upvote

                            • JonathanLeeJ Offline
                              JonathanLee @makazo
                              last edited by

                              @makazo if you run squid -k parse what is the output?

                              Make sure to upvote

                                • M Offline
                                  makazo @JonathanLee
                                  last edited by

                                  @JonathanLee

                                  2024/11/08 12:03:55| Processing Configuration File: /usr/local/etc/squid/squid.conf (depth 0)
                                  2024/11/08 12:03:55| Processing: http_port 192.168.2.1:3128 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=10MB cert=/usr/local/etc/squid/serverkey.pem cafile=/usr/local/share/certs/ca-root-nss.crt capath=/usr/local/share/certs/ cipher=EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:!RC4:!aNULL:!eNULL:!LOW:!3DES:!SHA1:!MD5:!EXP:!PSK:!SRP:!DSS tls-dh=prime256v1:/etc/dh-parameters.2048 options=NO_SSLv3,NO_TLSv1,SINGLE_DH_USE,SINGLE_ECDH_USE
                                  2024/11/08 12:03:55| WARNING: UPGRADE: 'cafile=/usr/local/share/certs/ca-root-nss.crt' is deprecated in http_port. Use 'tls-cafile=' instead.
                                  2024/11/08 12:03:55| WARNING: Failed to decode EC parameters '/etc/dh-parameters.2048'
                                  OpenSSL-saved error #1: 0x1e08010c
                                  2024/11/08 12:03:55| ERROR: Unsupported TLS option SINGLE_DH_USE
                                  2024/11/08 12:03:55| ERROR: Unsupported TLS option SINGLE_ECDH_USE
                                  2024/11/08 12:03:55| Processing: http_port 127.0.0.1:3128 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=10MB cert=/usr/local/etc/squid/serverkey.pem cafile=/usr/local/share/certs/ca-root-nss.crt capath=/usr/local/share/certs/ cipher=EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:!RC4:!aNULL:!eNULL:!LOW:!3DES:!SHA1:!MD5:!EXP:!PSK:!SRP:!DSS tls-dh=prime256v1:/etc/dh-parameters.2048 options=NO_SSLv3,NO_TLSv1,SINGLE_DH_USE,SINGLE_ECDH_USE
                                  2024/11/08 12:03:55| Starting Authentication on port 127.0.0.1:3128
                                  2024/11/08 12:03:55| Disabling Authentication on port 127.0.0.1:3128 (interception enabled)
                                  2024/11/08 12:03:55| WARNING: UPGRADE: 'cafile=/usr/local/share/certs/ca-root-nss.crt' is deprecated in http_port. Use 'tls-cafile=' instead.
                                  2024/11/08 12:03:55| WARNING: Failed to decode EC parameters '/etc/dh-parameters.2048'
                                  OpenSSL-saved error #1: 0x1e08010c
                                  2024/11/08 12:03:55| ERROR: Unsupported TLS option SINGLE_DH_USE
                                  2024/11/08 12:03:55| ERROR: Unsupported TLS option SINGLE_ECDH_USE
                                  2024/11/08 12:03:55| Processing: https_port 127.0.0.1:3129 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=10MB cert=/usr/local/etc/squid/serverkey.pem cafile=/usr/local/share/certs/ca-root-nss.crt capath=/usr/local/share/certs/ cipher=EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:!RC4:!aNULL:!eNULL:!LOW:!3DES:!SHA1:!MD5:!EXP:!PSK:!SRP:!DSS tls-dh=prime256v1:/etc/dh-parameters.2048 options=NO_SSLv3,NO_TLSv1,SINGLE_DH_USE,SINGLE_ECDH_USE
                                  2024/11/08 12:03:55| Starting Authentication on port 127.0.0.1:3129
                                  2024/11/08 12:03:55| Disabling Authentication on port 127.0.0.1:3129 (interception enabled)
                                  2024/11/08 12:03:55| WARNING: UPGRADE: 'cafile=/usr/local/share/certs/ca-root-nss.crt' is deprecated in https_port. Use 'tls-cafile=' instead.
                                  2024/11/08 12:03:55| WARNING: Failed to decode EC parameters '/etc/dh-parameters.2048'
                                  OpenSSL-saved error #1: 0x1e08010c
                                  2024/11/08 12:03:55| ERROR: Unsupported TLS option SINGLE_DH_USE
                                  2024/11/08 12:03:55| ERROR: Unsupported TLS option SINGLE_ECDH_USE
                                  2024/11/08 12:03:55| Processing: icp_port 0
                                  2024/11/08 12:03:55| Processing: digest_generation off
                                  2024/11/08 12:03:55| Processing: dns_v4_first on
                                  2024/11/08 12:03:55| ERROR: Directive 'dns_v4_first' is obsolete.
                                  2024/11/08 12:03:55| dns_v4_first : Remove this line. Squid no longer supports preferential treatment of DNS A records.
                                  2024/11/08 12:03:55| Processing: pid_filename /var/run/squid/squid.pid
                                  2024/11/08 12:03:55| Processing: cache_effective_user squid
                                  2024/11/08 12:03:55| Processing: cache_effective_group proxy
                                  2024/11/08 12:03:55| Processing: error_default_language en
                                  2024/11/08 12:03:55| Processing: icon_directory /usr/local/etc/squid/icons
                                  2024/11/08 12:03:55| Processing: visible_hostname localhost
                                  2024/11/08 12:03:55| Processing: cache_mgr admin@localhost
                                  2024/11/08 12:03:55| Processing: access_log /var/squid/logs/access.log
                                  2024/11/08 12:03:55| Processing: cache_log /var/squid/logs/cache.log
                                  2024/11/08 12:03:55| Processing: cache_store_log none
                                  2024/11/08 12:03:55| Processing: netdb_filename /var/squid/logs/netdb.state
                                  2024/11/08 12:03:55| Processing: pinger_enable on
                                  2024/11/08 12:03:55| Processing: pinger_program /usr/local/libexec/squid/pinger
                                  2024/11/08 12:03:55| Processing: sslcrtd_program /usr/local/libexec/squid/security_file_certgen -s /var/squid/lib/ssl_db -M 4MB -b 2048
                                  2024/11/08 12:03:55| Processing: tls_outgoing_options cafile=/usr/local/share/certs/ca-root-nss.crt
                                  2024/11/08 12:03:55| Processing: tls_outgoing_options capath=/usr/local/share/certs/
                                  2024/11/08 12:03:55| Processing: tls_outgoing_options options=NO_SSLv3,NO_TLSv1,SINGLE_DH_USE,SINGLE_ECDH_USE
                                  2024/11/08 12:03:55| ERROR: Unsupported TLS option SINGLE_DH_USE
                                  2024/11/08 12:03:55| ERROR: Unsupported TLS option SINGLE_ECDH_USE
                                  2024/11/08 12:03:55| Processing: tls_outgoing_options cipher=EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:!RC4:!aNULL:!eNULL:!LOW:!3DES:!SHA1:!MD5:!EXP:!PSK:!SRP:!DSS
                                  2024/11/08 12:03:55| Processing: sslcrtd_children 5
                                  2024/11/08 12:03:55| Processing: logfile_rotate 5
                                  2024/11/08 12:03:55| Processing: debug_options rotate=5
                                  2024/11/08 12:03:55| Processing: shutdown_lifetime 3 seconds
                                  2024/11/08 12:03:55| Processing: acl localnet src 192.168.2.0/24
                                  2024/11/08 12:03:55| Processing: forwarded_for on
                                  2024/11/08 12:03:55| Processing: uri_whitespace strip
                                  2024/11/08 12:03:55| Processing: refresh_pattern -i windowsupdate.com/..(cab|exe|ms[i|u|f|p]|[ap]sf|wm[v|a]|dat|zip|psf) 43200 80% 129600 reload-into-ims
                                  2024/11/08 12:03:55| Processing: refresh_pattern -i microsoft.com/..(cab|exe|ms[i|u|f|p]|[ap]sf|wm[v|a]|dat|zip|psf) 43200 80% 129600 reload-into-ims
                                  2024/11/08 12:03:55| Processing: refresh_pattern -i windows.com/..(cab|exe|ms[i|u|f|p]|[ap]sf|wm[v|a]|dat|zip|psf) 43200 80% 129600 reload-into-ims
                                  2024/11/08 12:03:55| Processing: refresh_pattern -i microsoft.com.akadns.net/..(cab|exe|ms[i|u|f|p]|[ap]sf|wm[v|a]|dat|zip|psf) 43200 80% 129600 reload-into-ims
                                  2024/11/08 12:03:55| Processing: refresh_pattern -i deploy.akamaitechnologies.com/.*.(cab|exe|ms[i|u|f|p]|[ap]sf|wm[v|a]|dat|zip|psf) 43200 80% 129600 reload-into-ims
                                  2024/11/08 12:03:55| Processing: cache_mem 256 MB
                                  2024/11/08 12:03:55| Processing: maximum_object_size_in_memory 1024 KB
                                  2024/11/08 12:03:55| Processing: memory_replacement_policy heap GDSF
                                  2024/11/08 12:03:55| Processing: cache_replacement_policy heap LFUDA
                                  2024/11/08 12:03:55| Processing: minimum_object_size 0 KB
                                  2024/11/08 12:03:55| Processing: maximum_object_size 4 MB
                                  2024/11/08 12:03:55| Processing: cache_dir ufs /var/squid/cache 100 16 256
                                  2024/11/08 12:03:55| Processing: offline_mode off
                                  2024/11/08 12:03:55| Processing: cache_swap_low 90
                                  2024/11/08 12:03:55| Processing: cache_swap_high 95
                                  2024/11/08 12:03:55| Processing: cache allow all
                                  2024/11/08 12:03:55| Processing: refresh_pattern ^ftp: 1440 20% 10080
                                  2024/11/08 12:03:55| Processing: refresh_pattern ^gopher: 1440 0% 1440
                                  2024/11/08 12:03:55| Processing: refresh_pattern -i (/cgi-bin/|?) 0 0% 0
                                  2024/11/08 12:03:55| Processing: refresh_pattern . 0 20% 4320
                                  2024/11/08 12:03:55| Processing: acl allsrc src all
                                  2024/11/08 12:03:55| Processing: acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901 3128 3129 1025-65535
                                  2024/11/08 12:03:55| Processing: acl sslports port 443 563
                                  2024/11/08 12:03:55| Processing: acl purge method PURGE
                                  2024/11/08 12:03:55| Processing: acl connect method CONNECT
                                  2024/11/08 12:03:55| Processing: acl HTTP proto HTTP
                                  2024/11/08 12:03:55| Processing: acl HTTPS proto HTTPS
                                  2024/11/08 12:03:55| Processing: acl step1 at_step SslBump1
                                  2024/11/08 12:03:55| Processing: acl step2 at_step SslBump2
                                  2024/11/08 12:03:55| Processing: acl step3 at_step SslBump3
                                  2024/11/08 12:03:55| Processing: acl allowed_subnets src 192.168.2.1/24 192.168.2.0/24
                                  2024/11/08 12:03:55| WARNING: aclIpParseIpData: Netmask masks away part of the specified IP in '192.168.2.1/24'
                                  2024/11/08 12:03:55| WARNING: (B) '192.168.2.0/24' is a subnetwork of (A) '192.168.2.0/24'
                                  2024/11/08 12:03:55| WARNING: because of this '192.168.2.0/24' is ignored to keep splay tree searching predictable
                                  2024/11/08 12:03:55| WARNING: You should probably remove '192.168.2.0/24' from the ACL named 'allowed_subnets'
                                  2024/11/08 12:03:55| Processing: acl whitelist dstdom_regex -i "/var/squid/acl/whitelist.acl"
                                  2024/11/08 12:03:55| Processing: http_access allow manager localhost
                                  2024/11/08 12:03:55| Processing: http_access deny manager
                                  2024/11/08 12:03:55| Processing: http_access allow purge localhost
                                  2024/11/08 12:03:55| Processing: http_access deny purge
                                  2024/11/08 12:03:55| Processing: http_access deny !safeports
                                  2024/11/08 12:03:55| Processing: http_access deny CONNECT !sslports
                                  2024/11/08 12:03:55| Processing: http_access allow localhost
                                  2024/11/08 12:03:55| Processing: request_body_max_size 0 KB
                                  2024/11/08 12:03:55| Processing: delay_pools 1
                                  2024/11/08 12:03:55| Processing: delay_class 1 2
                                  2024/11/08 12:03:55| Processing: delay_parameters 1 -1/-1 -1/-1
                                  2024/11/08 12:03:55| Processing: delay_initial_bucket_level 100
                                  2024/11/08 12:03:55| Processing: delay_access 1 allow allsrc
                                  2024/11/08 12:03:55| Processing: url_rewrite_program /usr/local/bin/squidGuard -c /usr/local/etc/squidGuard/squidGuard.conf
                                  2024/11/08 12:03:55| Processing: url_rewrite_bypass off
                                  2024/11/08 12:03:55| Processing: url_rewrite_children 16 startup=8 idle=4 concurrency=0
                                  2024/11/08 12:03:55| Processing: http_access allow whitelist
                                  2024/11/08 12:03:55| Processing: acl youtubedst dstdomain -n www.youtube.com m.youtube.com youtubei.googleapis.com youtube.googleapis.com www.youtube-nocookie.com
                                  2024/11/08 12:03:55| Processing: request_header_access YouTube-Restrict deny all
                                  2024/11/08 12:03:55| Processing: request_header_add YouTube-Restrict none youtubedst
                                  2024/11/08 12:03:55| Processing: ssl_bump peek step1
                                  2024/11/08 12:03:55| Processing: ssl_bump splice all
                                  2024/11/08 12:03:55| Processing: http_access allow allowed_subnets
                                  2024/11/08 12:03:55| Processing: http_access allow localnet
                                  2024/11/08 12:03:55| Processing: http_access deny allsrc
                                  2024/11/08 12:03:55| WARNING: use of 'reload-into-ims' in 'refresh_pattern' violates HTTP
                                  2024/11/08 12:03:55| Requiring client certificates.
                                  2024/11/08 12:03:55| Loaded signing certificate: /CN=internal-ca/C=TR/ST=Istanbul/L=Atasehir/O=NA/OU=IT
                                  2024/11/08 12:03:55| Not requiring any client certificates
                                  2024/11/08 12:03:55| Loaded signing certificate: /CN=internal-ca/C=TR/ST=Istanbul/L=Atasehir/O=NA/OU=IT
                                  2024/11/08 12:03:55| Not requiring any client certificates
                                  2024/11/08 12:03:55| Loaded signing certificate: /CN=internal-ca/C=TR/ST=Istanbul/L=Atasehir/O=NA/OU=IT
                                  2024/11/08 12:03:55| Not requiring any client certificates

                                  Since I used the split all mode, I did not install a certificate on any device.

                                  JonathanLeeJ 1 Reply Last reply Reply Quote 0
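An added example, not part of the thread and not code from the Squid or pfSense projects: a small Python triage pass over `squid -k parse` output like the one posted above, grouping each WARNING/ERROR under the directive Squid was processing when it printed it. The sample input is a constructed excerpt of that output with the long option strings shortened; `triage`, `report` and `SAMPLE` are names chosen here.

```python
import re
from collections import OrderedDict

# Constructed excerpt of `squid -k parse` output (option strings shortened).
SAMPLE = """\
2024/11/08 12:03:55| Processing Configuration File: /usr/local/etc/squid/squid.conf (depth 0)
2024/11/08 12:03:55| Processing: http_port 192.168.2.1:3128 ssl-bump cafile=/usr/local/share/certs/ca-root-nss.crt tls-dh=prime256v1:/etc/dh-parameters.2048 options=NO_SSLv3,NO_TLSv1,SINGLE_DH_USE,SINGLE_ECDH_USE
2024/11/08 12:03:55| WARNING: UPGRADE: 'cafile=/usr/local/share/certs/ca-root-nss.crt' is deprecated in http_port. Use 'tls-cafile=' instead.
2024/11/08 12:03:55| WARNING: Failed to decode EC parameters '/etc/dh-parameters.2048'
OpenSSL-saved error #1: 0x1e08010c
2024/11/08 12:03:55| ERROR: Unsupported TLS option SINGLE_DH_USE
2024/11/08 12:03:55| ERROR: Unsupported TLS option SINGLE_ECDH_USE
2024/11/08 12:03:55| Processing: https_port 127.0.0.1:3129 intercept ssl-bump cafile=/usr/local/share/certs/ca-root-nss.crt tls-dh=prime256v1:/etc/dh-parameters.2048 options=NO_SSLv3,NO_TLSv1,SINGLE_DH_USE,SINGLE_ECDH_USE
2024/11/08 12:03:55| Starting Authentication on port 127.0.0.1:3129
2024/11/08 12:03:55| Disabling Authentication on port 127.0.0.1:3129 (interception enabled)
2024/11/08 12:03:55| WARNING: UPGRADE: 'cafile=/usr/local/share/certs/ca-root-nss.crt' is deprecated in https_port. Use 'tls-cafile=' instead.
2024/11/08 12:03:55| WARNING: Failed to decode EC parameters '/etc/dh-parameters.2048'
OpenSSL-saved error #1: 0x1e08010c
2024/11/08 12:03:55| ERROR: Unsupported TLS option SINGLE_DH_USE
2024/11/08 12:03:55| ERROR: Unsupported TLS option SINGLE_ECDH_USE
2024/11/08 12:03:55| Processing: dns_v4_first on
2024/11/08 12:03:55| ERROR: Directive 'dns_v4_first' is obsolete.
2024/11/08 12:03:55| dns_v4_first : Remove this line. Squid no longer supports preferential treatment of DNS A records.
2024/11/08 12:03:55| Processing: acl allowed_subnets src 192.168.2.1/24 192.168.2.0/24
2024/11/08 12:03:55| WARNING: aclIpParseIpData: Netmask masks away part of the specified IP in '192.168.2.1/24'
2024/11/08 12:03:55| WARNING: You should probably remove '192.168.2.0/24' from the ACL named 'allowed_subnets'
2024/11/08 12:03:55| Processing: ssl_bump splice all
"""

STAMPED = re.compile(r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\| (.*)$")
DIAG = re.compile(r"^(WARNING|ERROR): (.*)$")


def triage(output):
    """Collapse repeated diagnostics and record which directives raised them.

    Returns a list of dicts (severity, text, count, directives, detail),
    ERROR entries first, otherwise in order of first appearance.
    """
    findings = OrderedDict()
    directive = None  # name + first argument of the last "Processing:" line
    last = None       # finding that following detail lines belong to
    for raw in output.splitlines():
        line = raw.strip()
        if not line:
            continue
        stamped = STAMPED.match(line)
        msg = stamped.group(1) if stamped else line
        if stamped and msg.startswith("Processing: "):
            directive = " ".join(msg.split()[1:3])
            last = None
            continue
        diag = DIAG.match(msg) if stamped else None
        if diag is None:
            # Untimestamped continuation (OpenSSL error code) or a hint line
            # printed right after a diagnostic: keep it as that finding's detail.
            if last is not None and msg not in last["detail"]:
                last["detail"].append(msg)
            continue
        key = (diag.group(1), diag.group(2))
        entry = findings.setdefault(key, {
            "severity": key[0], "text": key[1],
            "count": 0, "directives": [], "detail": [],
        })
        entry["count"] += 1
        if directive and directive not in entry["directives"]:
            entry["directives"].append(directive)
        last = entry
    # sorted() is stable, so first-appearance order survives within a severity.
    return sorted(findings.values(), key=lambda f: f["severity"] != "ERROR")


def report(findings):
    """Render the findings as plain text, one block per distinct message."""
    out = []
    for f in findings:
        out.append(f"{f['severity']:<7} x{f['count']}  {f['text']}")
        out.append("    under: " + (", ".join(f["directives"]) or "(none)"))
        out.extend(f"    detail: {d}" for d in f["detail"])
    return "\n".join(out)


if __name__ == "__main__":
    import sys
    # Read real output from a pipe if given, else fall back to the sample.
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    print(report(triage(text)))
```

To run it on a live box, pipe the parser output in, for example `squid -k parse 2>&1 | python3 triage.py` (the script file name is an assumption).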
                                  • JonathanLeeJ Offline
                                    JonathanLee @makazo
                                    last edited by

                                    @makazo said in squid sites sometimes don't load completely help pls:

                                    cipher=EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:!RC4:!aNULL:!eNULL:!LOW:!3DES:!SHA1:!MD5:!EXP:!PSK:!SRP:!DSS tls-dh=prime256v1:/etc/dh-parameters.2048 options=NO_SSLv3,NO_TLSv1,SINGLE_DH_USE,SINGLE_ECDH_USE
                                    2024/11/08 12:03:55| WARNING: UPGRADE: 'cafile=/usr/local/share/certs/ca-root-nss.crt' is deprecated in http_port. Use 'tls-cafile=' instead.
                                    2024/11/08 12:03:55| WARNING: Failed to decode EC parameters '/etc/dh-parameters.2048'
                                    OpenSSL-saved error #1: 0x1e08010c

                                    Try to regenerate certificates for your equipment; it looks to be mixed up.

                                    Make sure to upvote

                                    • M Offline
                                      makazo @JonathanLee
                                      last edited by

                                      @JonathanLee I put my mod in custom mode and re-wrote the certificate. I'll try it a bit and I'll let you know again depending on the situation.

                                      2024/11/17 12:44:10| Processing Configuration File: /usr/local/etc/squid/squid.conf (depth 0)
                                      2024/11/17 12:44:10| Processing: http_port 192.168.2.1:3128 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=10MB cert=/usr/local/etc/squid/serverkey.pem cafile=/usr/local/share/certs/ca-root-nss.crt capath=/usr/local/share/certs/ cipher=EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:!RC4:!aNULL:!eNULL:!LOW:!3DES:!SHA1:!MD5:!EXP:!PSK:!SRP:!DSS tls-dh=prime256v1:/etc/dh-parameters.2048 options=NO_SSLv3,NO_TLSv1,SINGLE_DH_USE,SINGLE_ECDH_USE
                                      2024/11/17 12:44:10| WARNING: UPGRADE: 'cafile=/usr/local/share/certs/ca-root-nss.crt' is deprecated in http_port. Use 'tls-cafile=' instead.
                                      2024/11/17 12:44:10| WARNING: Failed to decode EC parameters '/etc/dh-parameters.2048'
                                      OpenSSL-saved error #1: 0x1e08010c
                                      2024/11/17 12:44:10| ERROR: Unsupported TLS option SINGLE_DH_USE
                                      2024/11/17 12:44:10| ERROR: Unsupported TLS option SINGLE_ECDH_USE
                                      2024/11/17 12:44:10| Processing: http_port 127.0.0.1:3128 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=10MB cert=/usr/local/etc/squid/serverkey.pem cafile=/usr/local/share/certs/ca-root-nss.crt capath=/usr/local/share/certs/ cipher=EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:!RC4:!aNULL:!eNULL:!LOW:!3DES:!SHA1:!MD5:!EXP:!PSK:!SRP:!DSS tls-dh=prime256v1:/etc/dh-parameters.2048 options=NO_SSLv3,NO_TLSv1,SINGLE_DH_USE,SINGLE_ECDH_USE
                                      2024/11/17 12:44:10| Starting Authentication on port 127.0.0.1:3128
                                      2024/11/17 12:44:10| Disabling Authentication on port 127.0.0.1:3128 (interception enabled)
                                      2024/11/17 12:44:10| WARNING: UPGRADE: 'cafile=/usr/local/share/certs/ca-root-nss.crt' is deprecated in http_port. Use 'tls-cafile=' instead.
                                      2024/11/17 12:44:10| WARNING: Failed to decode EC parameters '/etc/dh-parameters.2048'
                                      OpenSSL-saved error #1: 0x1e08010c
                                      2024/11/17 12:44:10| ERROR: Unsupported TLS option SINGLE_DH_USE
                                      2024/11/17 12:44:10| ERROR: Unsupported TLS option SINGLE_ECDH_USE
                                      2024/11/17 12:44:10| Processing: https_port 127.0.0.1:3129 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=10MB cert=/usr/local/etc/squid/serverkey.pem cafile=/usr/local/share/certs/ca-root-nss.crt capath=/usr/local/share/certs/ cipher=EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:!RC4:!aNULL:!eNULL:!LOW:!3DES:!SHA1:!MD5:!EXP:!PSK:!SRP:!DSS tls-dh=prime256v1:/etc/dh-parameters.2048 options=NO_SSLv3,NO_TLSv1,SINGLE_DH_USE,SINGLE_ECDH_USE
                                      2024/11/17 12:44:10| Starting Authentication on port 127.0.0.1:3129
                                      2024/11/17 12:44:10| Disabling Authentication on port 127.0.0.1:3129 (interception enabled)
                                      2024/11/17 12:44:10| WARNING: UPGRADE: 'cafile=/usr/local/share/certs/ca-root-nss.crt' is deprecated in https_port. Use 'tls-cafile=' instead.
                                      2024/11/17 12:44:10| WARNING: Failed to decode EC parameters '/etc/dh-parameters.2048'
                                      OpenSSL-saved error #1: 0x1e08010c
                                      2024/11/17 12:44:10| ERROR: Unsupported TLS option SINGLE_DH_USE
                                      2024/11/17 12:44:10| ERROR: Unsupported TLS option SINGLE_ECDH_USE
                                      2024/11/17 12:44:10| Processing: icp_port 0
                                      2024/11/17 12:44:10| Processing: digest_generation off
                                      2024/11/17 12:44:10| Processing: dns_v4_first on
                                      2024/11/17 12:44:10| ERROR: Directive 'dns_v4_first' is obsolete.
                                      2024/11/17 12:44:10| dns_v4_first : Remove this line. Squid no longer supports preferential treatment of DNS A records.
                                      2024/11/17 12:44:10| Processing: pid_filename /var/run/squid/squid.pid
                                      2024/11/17 12:44:10| Processing: cache_effective_user squid
                                      2024/11/17 12:44:10| Processing: cache_effective_group proxy
                                      2024/11/17 12:44:10| Processing: error_default_language en
                                      2024/11/17 12:44:10| Processing: icon_directory /usr/local/etc/squid/icons
                                      2024/11/17 12:44:10| Processing: visible_hostname localhost
                                      2024/11/17 12:44:10| Processing: cache_mgr admin@localhost
                                      2024/11/17 12:44:10| Processing: access_log /var/squid/logs/access.log
                                      2024/11/17 12:44:10| Processing: cache_log /var/squid/logs/cache.log
                                      2024/11/17 12:44:10| Processing: cache_store_log none
                                      2024/11/17 12:44:10| Processing: netdb_filename /var/squid/logs/netdb.state
                                      2024/11/17 12:44:10| Processing: pinger_enable on
                                      2024/11/17 12:44:10| Processing: pinger_program /usr/local/libexec/squid/pinger
                                      2024/11/17 12:44:10| Processing: sslcrtd_program /usr/local/libexec/squid/security_file_certgen -s /var/squid/lib/ssl_db -M 4MB -b 2048
                                      2024/11/17 12:44:10| Processing: tls_outgoing_options cafile=/usr/local/share/certs/ca-root-nss.crt
                                      2024/11/17 12:44:10| Processing: tls_outgoing_options capath=/usr/local/share/certs/
                                      2024/11/17 12:44:10| Processing: tls_outgoing_options options=NO_SSLv3,NO_TLSv1,SINGLE_DH_USE,SINGLE_ECDH_USE
                                      2024/11/17 12:44:10| ERROR: Unsupported TLS option SINGLE_DH_USE
                                      2024/11/17 12:44:10| ERROR: Unsupported TLS option SINGLE_ECDH_USE
                                      2024/11/17 12:44:10| Processing: tls_outgoing_options cipher=EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:!RC4:!aNULL:!eNULL:!LOW:!3DES:!SHA1:!MD5:!EXP:!PSK:!SRP:!DSS
                                      2024/11/17 12:44:10| Processing: sslcrtd_children 5
                                      2024/11/17 12:44:10| Processing: logfile_rotate 5
                                      2024/11/17 12:44:10| Processing: debug_options rotate=5
                                      2024/11/17 12:44:10| Processing: shutdown_lifetime 3 seconds
                                      2024/11/17 12:44:10| Processing: acl localnet src 192.168.2.0/24
                                      2024/11/17 12:44:10| Processing: forwarded_for on
                                      2024/11/17 12:44:10| Processing: uri_whitespace strip
                                      2024/11/17 12:44:10| Processing: refresh_pattern -i windowsupdate.com/..(cab|exe|ms[i|u|f|p]|[ap]sf|wm[v|a]|dat|zip|psf) 43200 80% 129600 reload-into-ims
                                      2024/11/17 12:44:10| Processing: refresh_pattern -i microsoft.com/..(cab|exe|ms[i|u|f|p]|[ap]sf|wm[v|a]|dat|zip|psf) 43200 80% 129600 reload-into-ims
                                      2024/11/17 12:44:10| Processing: refresh_pattern -i windows.com/..(cab|exe|ms[i|u|f|p]|[ap]sf|wm[v|a]|dat|zip|psf) 43200 80% 129600 reload-into-ims
                                      2024/11/17 12:44:10| Processing: refresh_pattern -i microsoft.com.akadns.net/..(cab|exe|ms[i|u|f|p]|[ap]sf|wm[v|a]|dat|zip|psf) 43200 80% 129600 reload-into-ims
                                      2024/11/17 12:44:10| Processing: refresh_pattern -i deploy.akamaitechnologies.com/.*.(cab|exe|ms[i|u|f|p]|[ap]sf|wm[v|a]|dat|zip|psf) 43200 80% 129600 reload-into-ims
                                      2024/11/17 12:44:10| Processing: cache_mem 512 MB
                                      2024/11/17 12:44:10| Processing: maximum_object_size_in_memory 1024 KB
                                      2024/11/17 12:44:10| Processing: memory_replacement_policy heap GDSF
                                      2024/11/17 12:44:10| Processing: cache_replacement_policy heap LFUDA
                                      2024/11/17 12:44:10| Processing: minimum_object_size 0 KB
                                      2024/11/17 12:44:10| Processing: maximum_object_size 4 MB
                                      2024/11/17 12:44:10| Processing: cache_dir ufs /var/squid/cache 100 16 256
                                      2024/11/17 12:44:10| Processing: offline_mode off
                                      2024/11/17 12:44:10| Processing: cache_swap_low 90
                                      2024/11/17 12:44:10| Processing: cache_swap_high 95
                                      2024/11/17 12:44:10| Processing: cache allow all
                                      2024/11/17 12:44:10| Processing: refresh_pattern ^ftp: 1440 20% 10080
                                      2024/11/17 12:44:10| Processing: refresh_pattern ^gopher: 1440 0% 1440
                                      2024/11/17 12:44:10| Processing: refresh_pattern -i (/cgi-bin/|?) 0 0% 0
                                      2024/11/17 12:44:10| Processing: refresh_pattern . 0 20% 4320
                                      2024/11/17 12:44:10| Processing: acl allsrc src all
                                      2024/11/17 12:44:10| Processing: acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901 3128 3129 1025-65535
                                      2024/11/17 12:44:10| Processing: acl sslports port 443 563
                                      2024/11/17 12:44:10| Processing: acl purge method PURGE
                                      2024/11/17 12:44:10| Processing: acl connect method CONNECT
                                      2024/11/17 12:44:10| Processing: acl HTTP proto HTTP
                                      2024/11/17 12:44:10| Processing: acl HTTPS proto HTTPS
                                      2024/11/17 12:44:10| Processing: acl step1 at_step SslBump1
                                      2024/11/17 12:44:10| Processing: acl step2 at_step SslBump2
                                      2024/11/17 12:44:10| Processing: acl step3 at_step SslBump3
                                      2024/11/17 12:44:10| Processing: acl allowed_subnets src 192.168.2.1/24 192.168.2.0/24
                                      2024/11/17 12:44:10| WARNING: aclIpParseIpData: Netmask masks away part of the specified IP in '192.168.2.1/24'
                                      2024/11/17 12:44:10| WARNING: (B) '192.168.2.0/24' is a subnetwork of (A) '192.168.2.0/24'
                                      2024/11/17 12:44:10| WARNING: because of this '192.168.2.0/24' is ignored to keep splay tree searching predictable
                                      2024/11/17 12:44:10| WARNING: You should probably remove '192.168.2.0/24' from the ACL named 'allowed_subnets'
                                      2024/11/17 12:44:10| Processing: acl whitelist dstdom_regex -i "/var/squid/acl/whitelist.acl"
                                      2024/11/17 12:44:10| Processing: http_access allow manager localhost
                                      2024/11/17 12:44:10| Processing: http_access deny manager
                                      2024/11/17 12:44:10| Processing: http_access allow purge localhost
                                      2024/11/17 12:44:10| Processing: http_access deny purge
                                      2024/11/17 12:44:10| Processing: http_access deny !safeports
                                      2024/11/17 12:44:10| Processing: http_access deny CONNECT !sslports
                                      2024/11/17 12:44:10| Processing: http_access allow localhost
                                      2024/11/17 12:44:10| Processing: request_body_max_size 0 KB
                                      2024/11/17 12:44:10| Processing: delay_pools 1
                                      2024/11/17 12:44:10| Processing: delay_class 1 2
                                      2024/11/17 12:44:10| Processing: delay_parameters 1 -1/-1 -1/-1
                                      2024/11/17 12:44:10| Processing: delay_initial_bucket_level 100
                                      2024/11/17 12:44:10| Processing: delay_access 1 allow allsrc
                                      2024/11/17 12:44:10| Processing: url_rewrite_program /usr/local/bin/squidGuard -c /usr/local/etc/squidGuard/squidGuard.conf
                                      2024/11/17 12:44:10| Processing: url_rewrite_bypass off
                                      2024/11/17 12:44:10| Processing: url_rewrite_children 16 startup=8 idle=4 concurrency=0
                                      2024/11/17 12:44:10| Processing: http_access allow whitelist
                                      2024/11/17 12:44:10| Processing: acl youtubedst dstdomain -n www.youtube.com m.youtube.com youtubei.googleapis.com youtube.googleapis.com www.youtube-nocookie.com
                                      2024/11/17 12:44:10| Processing: request_header_access YouTube-Restrict deny all
                                      2024/11/17 12:44:10| Processing: request_header_add YouTube-Restrict none youtubedst
                                      2024/11/17 12:44:10| Processing: acl splice_it ssl::server_name .microsoft.com
                                      2024/11/17 12:44:10| Processing: acl splice_it ssl::server_name .windowsupdate.com
                                      2024/11/17 12:44:10| Processing: acl splice_it ssl::server_name .akamaitechnologies.com
                                      2024/11/17 12:44:10| Processing: acl splice_it ssl::server_name .akadns.net
                                      2024/11/17 12:44:10| Processing: acl splice_it ssl::server_name .cloudns.net
                                      2024/11/17 12:44:10| Processing: ssl_bump peek step1
                                      2024/11/17 12:44:10| Processing: acl hasRequest has request
                                      2024/11/17 12:44:10| Processing: access_log daemon:/var/log/squid/access.log hasRequest
                                      2024/11/17 12:44:10| Processing: http_access allow allowed_subnets
                                      2024/11/17 12:44:10| Processing: http_access allow localnet
                                      2024/11/17 12:44:10| Processing: http_access deny allsrc
                                      2024/11/17 12:44:10| WARNING: use of 'reload-into-ims' in 'refresh_pattern' violates HTTP
                                      2024/11/17 12:44:10| Requiring client certificates.
                                      2024/11/17 12:44:10| Loaded signing certificate: /CN=internal-ca/C=TR
                                      2024/11/17 12:44:10| Not requiring any client certificates
                                      2024/11/17 12:44:10| Loaded signing certificate: /CN=internal-ca/C=TR
                                      2024/11/17 12:44:10| Not requiring any client certificates
                                      2024/11/17 12:44:10| Loaded signing certificate: /CN=internal-ca/C=TR
                                      2024/11/17 12:44:10| Not requiring any client certificates

                                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.