squid sites sometimes don't load completely help pls
-
Hello, I don't quite understand what you mean? Did you mean this?
-
@makazo set your memory back 64MB your not caching your only using URL blocking you could even disable caching completely that would solve it also. Are you caching and accelerating ? I do this however for URL blocking you do not need this to be enabled.
-
@JonathanLee OK, I set it to 64mb as you said. Do I need to disable cache in the local cache area?
-
@makazo yes disable it, if you just need url blocking you can turn that off. It’s very complex to get running correctly.
-
@JonathanLee OK, I will try it this way, if there is a solution, I will write it here, thank you, and I will inform you about the situation again.
-
@JonathanLee Hello, I did what you said , but the problem still persists.
-
@makazo are you using custom config? Or just set to splice all?
-
@JonathanLee I use the splice all mode. When I use the custom mode, the phones on the network experience problems. If you have special configuration settings for custom mode, I can try them if you share them.
-
@makazo I have certificates installed on all of the devices I own, however it splices the devices I do not own and it works perfectly. What is it listening on? Loopback and interface ??
-
@makazo if you run squid -k parse what is the output?
-
This post is deleted! -
@JonathanLee 2024/11/08 12:03:55| Processing Configuration File: /usr/local/etc/squid/squid.conf (depth 0)
2024/11/08 12:03:55| Processing: http_port 192.168.2.1:3128 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=10MB cert=/usr/local/etc/squid/serverkey.pem cafile=/usr/local/share/certs/ca-root-nss.crt capath=/usr/local/share/certs/ cipher=EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:!RC4:!aNULL:!eNULL:!LOW:!3DES:!SHA1:!MD5:!EXP:!PSK:!SRP:!DSS tls-dh=prime256v1:/etc/dh-parameters.2048 options=NO_SSLv3,NO_TLSv1,SINGLE_DH_USE,SINGLE_ECDH_USE
2024/11/08 12:03:55| WARNING: UPGRADE: 'cafile=/usr/local/share/certs/ca-root-nss.crt' is deprecated in http_port. Use 'tls-cafile=' instead.
2024/11/08 12:03:55| WARNING: Failed to decode EC parameters '/etc/dh-parameters.2048'
OpenSSL-saved error #1: 0x1e08010c
2024/11/08 12:03:55| ERROR: Unsupported TLS option SINGLE_DH_USE
2024/11/08 12:03:55| ERROR: Unsupported TLS option SINGLE_ECDH_USE
2024/11/08 12:03:55| Processing: http_port 127.0.0.1:3128 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=10MB cert=/usr/local/etc/squid/serverkey.pem cafile=/usr/local/share/certs/ca-root-nss.crt capath=/usr/local/share/certs/ cipher=EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:!RC4:!aNULL:!eNULL:!LOW:!3DES:!SHA1:!MD5:!EXP:!PSK:!SRP:!DSS tls-dh=prime256v1:/etc/dh-parameters.2048 options=NO_SSLv3,NO_TLSv1,SINGLE_DH_USE,SINGLE_ECDH_USE
2024/11/08 12:03:55| Starting Authentication on port 127.0.0.1:3128
2024/11/08 12:03:55| Disabling Authentication on port 127.0.0.1:3128 (interception enabled)
2024/11/08 12:03:55| WARNING: UPGRADE: 'cafile=/usr/local/share/certs/ca-root-nss.crt' is deprecated in http_port. Use 'tls-cafile=' instead.
2024/11/08 12:03:55| WARNING: Failed to decode EC parameters '/etc/dh-parameters.2048'
OpenSSL-saved error #1: 0x1e08010c
2024/11/08 12:03:55| ERROR: Unsupported TLS option SINGLE_DH_USE
2024/11/08 12:03:55| ERROR: Unsupported TLS option SINGLE_ECDH_USE
2024/11/08 12:03:55| Processing: https_port 127.0.0.1:3129 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=10MB cert=/usr/local/etc/squid/serverkey.pem cafile=/usr/local/share/certs/ca-root-nss.crt capath=/usr/local/share/certs/ cipher=EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:!RC4:!aNULL:!eNULL:!LOW:!3DES:!SHA1:!MD5:!EXP:!PSK:!SRP:!DSS tls-dh=prime256v1:/etc/dh-parameters.2048 options=NO_SSLv3,NO_TLSv1,SINGLE_DH_USE,SINGLE_ECDH_USE
2024/11/08 12:03:55| Starting Authentication on port 127.0.0.1:3129
2024/11/08 12:03:55| Disabling Authentication on port 127.0.0.1:3129 (interception enabled)
2024/11/08 12:03:55| WARNING: UPGRADE: 'cafile=/usr/local/share/certs/ca-root-nss.crt' is deprecated in https_port. Use 'tls-cafile=' instead.
2024/11/08 12:03:55| WARNING: Failed to decode EC parameters '/etc/dh-parameters.2048'
OpenSSL-saved error #1: 0x1e08010c
2024/11/08 12:03:55| ERROR: Unsupported TLS option SINGLE_DH_USE
2024/11/08 12:03:55| ERROR: Unsupported TLS option SINGLE_ECDH_USE
2024/11/08 12:03:55| Processing: icp_port 0
2024/11/08 12:03:55| Processing: digest_generation off
2024/11/08 12:03:55| Processing: dns_v4_first on
2024/11/08 12:03:55| ERROR: Directive 'dns_v4_first' is obsolete.
2024/11/08 12:03:55| dns_v4_first : Remove this line. Squid no longer supports preferential treatment of DNS A records.
2024/11/08 12:03:55| Processing: pid_filename /var/run/squid/squid.pid
2024/11/08 12:03:55| Processing: cache_effective_user squid
2024/11/08 12:03:55| Processing: cache_effective_group proxy
2024/11/08 12:03:55| Processing: error_default_language en
2024/11/08 12:03:55| Processing: icon_directory /usr/local/etc/squid/icons
2024/11/08 12:03:55| Processing: visible_hostname localhost
2024/11/08 12:03:55| Processing: cache_mgr admin@localhost
2024/11/08 12:03:55| Processing: access_log /var/squid/logs/access.log
2024/11/08 12:03:55| Processing: cache_log /var/squid/logs/cache.log
2024/11/08 12:03:55| Processing: cache_store_log none
2024/11/08 12:03:55| Processing: netdb_filename /var/squid/logs/netdb.state
2024/11/08 12:03:55| Processing: pinger_enable on
2024/11/08 12:03:55| Processing: pinger_program /usr/local/libexec/squid/pinger
2024/11/08 12:03:55| Processing: sslcrtd_program /usr/local/libexec/squid/security_file_certgen -s /var/squid/lib/ssl_db -M 4MB -b 2048
2024/11/08 12:03:55| Processing: tls_outgoing_options cafile=/usr/local/share/certs/ca-root-nss.crt
2024/11/08 12:03:55| Processing: tls_outgoing_options capath=/usr/local/share/certs/
2024/11/08 12:03:55| Processing: tls_outgoing_options options=NO_SSLv3,NO_TLSv1,SINGLE_DH_USE,SINGLE_ECDH_USE
2024/11/08 12:03:55| ERROR: Unsupported TLS option SINGLE_DH_USE
2024/11/08 12:03:55| ERROR: Unsupported TLS option SINGLE_ECDH_USE
2024/11/08 12:03:55| Processing: tls_outgoing_options cipher=EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:!RC4:!aNULL:!eNULL:!LOW:!3DES:!SHA1:!MD5:!EXP:!PSK:!SRP:!DSS
2024/11/08 12:03:55| Processing: sslcrtd_children 5
2024/11/08 12:03:55| Processing: logfile_rotate 5
2024/11/08 12:03:55| Processing: debug_options rotate=5
2024/11/08 12:03:55| Processing: shutdown_lifetime 3 seconds
2024/11/08 12:03:55| Processing: acl localnet src 192.168.2.0/24
2024/11/08 12:03:55| Processing: forwarded_for on
2024/11/08 12:03:55| Processing: uri_whitespace strip
2024/11/08 12:03:55| Processing: refresh_pattern -i windowsupdate.com/..(cab|exe|ms[i|u|f|p]|[ap]sf|wm[v|a]|dat|zip|psf) 43200 80% 129600 reload-into-ims
2024/11/08 12:03:55| Processing: refresh_pattern -i microsoft.com/..(cab|exe|ms[i|u|f|p]|[ap]sf|wm[v|a]|dat|zip|psf) 43200 80% 129600 reload-into-ims
2024/11/08 12:03:55| Processing: refresh_pattern -i windows.com/..(cab|exe|ms[i|u|f|p]|[ap]sf|wm[v|a]|dat|zip|psf) 43200 80% 129600 reload-into-ims
2024/11/08 12:03:55| Processing: refresh_pattern -i microsoft.com.akadns.net/..(cab|exe|ms[i|u|f|p]|[ap]sf|wm[v|a]|dat|zip|psf) 43200 80% 129600 reload-into-ims
2024/11/08 12:03:55| Processing: refresh_pattern -i deploy.akamaitechnologies.com/.*.(cab|exe|ms[i|u|f|p]|[ap]sf|wm[v|a]|dat|zip|psf) 43200 80% 129600 reload-into-ims
2024/11/08 12:03:55| Processing: cache_mem 256 MB
2024/11/08 12:03:55| Processing: maximum_object_size_in_memory 1024 KB
2024/11/08 12:03:55| Processing: memory_replacement_policy heap GDSF
2024/11/08 12:03:55| Processing: cache_replacement_policy heap LFUDA
2024/11/08 12:03:55| Processing: minimum_object_size 0 KB
2024/11/08 12:03:55| Processing: maximum_object_size 4 MB
2024/11/08 12:03:55| Processing: cache_dir ufs /var/squid/cache 100 16 256
2024/11/08 12:03:55| Processing: offline_mode off
2024/11/08 12:03:55| Processing: cache_swap_low 90
2024/11/08 12:03:55| Processing: cache_swap_high 95
2024/11/08 12:03:55| Processing: cache allow all
2024/11/08 12:03:55| Processing: refresh_pattern ^ftp: 1440 20% 10080
2024/11/08 12:03:55| Processing: refresh_pattern ^gopher: 1440 0% 1440
2024/11/08 12:03:55| Processing: refresh_pattern -i (/cgi-bin/|?) 0 0% 0
2024/11/08 12:03:55| Processing: refresh_pattern . 0 20% 4320
2024/11/08 12:03:55| Processing: acl allsrc src all
2024/11/08 12:03:55| Processing: acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901 3128 3129 1025-65535
2024/11/08 12:03:55| Processing: acl sslports port 443 563
2024/11/08 12:03:55| Processing: acl purge method PURGE
2024/11/08 12:03:55| Processing: acl connect method CONNECT
2024/11/08 12:03:55| Processing: acl HTTP proto HTTP
2024/11/08 12:03:55| Processing: acl HTTPS proto HTTPS
2024/11/08 12:03:55| Processing: acl step1 at_step SslBump1
2024/11/08 12:03:55| Processing: acl step2 at_step SslBump2
2024/11/08 12:03:55| Processing: acl step3 at_step SslBump3
2024/11/08 12:03:55| Processing: acl allowed_subnets src 192.168.2.1/24 192.168.2.0/24
2024/11/08 12:03:55| WARNING: aclIpParseIpData: Netmask masks away part of the specified IP in '192.168.2.1/24'
2024/11/08 12:03:55| WARNING: (B) '192.168.2.0/24' is a subnetwork of (A) '192.168.2.0/24'
2024/11/08 12:03:55| WARNING: because of this '192.168.2.0/24' is ignored to keep splay tree searching predictable
2024/11/08 12:03:55| WARNING: You should probably remove '192.168.2.0/24' from the ACL named 'allowed_subnets'
2024/11/08 12:03:55| Processing: acl whitelist dstdom_regex -i "/var/squid/acl/whitelist.acl"
2024/11/08 12:03:55| Processing: http_access allow manager localhost
2024/11/08 12:03:55| Processing: http_access deny manager
2024/11/08 12:03:55| Processing: http_access allow purge localhost
2024/11/08 12:03:55| Processing: http_access deny purge
2024/11/08 12:03:55| Processing: http_access deny !safeports
2024/11/08 12:03:55| Processing: http_access deny CONNECT !sslports
2024/11/08 12:03:55| Processing: http_access allow localhost
2024/11/08 12:03:55| Processing: request_body_max_size 0 KB
2024/11/08 12:03:55| Processing: delay_pools 1
2024/11/08 12:03:55| Processing: delay_class 1 2
2024/11/08 12:03:55| Processing: delay_parameters 1 -1/-1 -1/-1
2024/11/08 12:03:55| Processing: delay_initial_bucket_level 100
2024/11/08 12:03:55| Processing: delay_access 1 allow allsrc
2024/11/08 12:03:55| Processing: url_rewrite_program /usr/local/bin/squidGuard -c /usr/local/etc/squidGuard/squidGuard.conf
2024/11/08 12:03:55| Processing: url_rewrite_bypass off
2024/11/08 12:03:55| Processing: url_rewrite_children 16 startup=8 idle=4 concurrency=0
2024/11/08 12:03:55| Processing: http_access allow whitelist
2024/11/08 12:03:55| Processing: acl youtubedst dstdomain -n www.youtube.com m.youtube.com youtubei.googleapis.com youtube.googleapis.com www.youtube-nocookie.com
2024/11/08 12:03:55| Processing: request_header_access YouTube-Restrict deny all
2024/11/08 12:03:55| Processing: request_header_add YouTube-Restrict none youtubedst
2024/11/08 12:03:55| Processing: ssl_bump peek step1
2024/11/08 12:03:55| Processing: ssl_bump splice all
2024/11/08 12:03:55| Processing: http_access allow allowed_subnets
2024/11/08 12:03:55| Processing: http_access allow localnet
2024/11/08 12:03:55| Processing: http_access deny allsrc
2024/11/08 12:03:55| WARNING: use of 'reload-into-ims' in 'refresh_pattern' violates HTTP
2024/11/08 12:03:55| Requiring client certificates.
2024/11/08 12:03:55| Loaded signing certificate: /CN=internal-ca/C=TR/ST=Istanbul/L=Atasehir/O=NA/OU=IT
2024/11/08 12:03:55| Not requiring any client certificates
2024/11/08 12:03:55| Loaded signing certificate: /CN=internal-ca/C=TR/ST=Istanbul/L=Atasehir/O=NA/OU=IT
2024/11/08 12:03:55| Not requiring any client certificates
2024/11/08 12:03:55| Loaded signing certificate: /CN=internal-ca/C=TR/ST=Istanbul/L=Atasehir/O=NA/OU=IT
2024/11/08 12:03:55| Not requiring any client certificatesSince I used the split all mode, I did not install a certificate on any device.
-
@makazo said in squid sites sometimes don't load completely help pls:
cipher=EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:!RC4:!aNULL:!eNULL:!LOW:!3DES:!SHA1:!MD5:!EXP:!PSK:!SRP:!DSS tls-dh=prime256v1:/etc/dh-parameters.2048 options=NO_SSLv3,NO_TLSv1,SINGLE_DH_USE,SINGLE_ECDH_USE
2024/11/08 12:03:55| WARNING: UPGRADE: 'cafile=/usr/local/share/certs/ca-root-nss.crt' is deprecated in http_port. Use 'tls-cafile=' instead.
2024/11/08 12:03:55| WARNING: Failed to decode EC parameters '/etc/dh-parameters.2048'
OpenSSL-saved error #1: 0x1e08010cTry to regenerate certificates for your equipment it looks to be mixed up..
-
@JonathanLee I put my mod in custom mode and re-wrote the certificate. I'll try it a bit and I'll let you know again depending on the situation.
2024/11/17 12:44:10| Processing Configuration File: /usr/local/etc/squid/squid.conf (depth 0)
2024/11/17 12:44:10| Processing: http_port 192.168.2.1:3128 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=10MB cert=/usr/local/etc/squid/serverkey.pem cafile=/usr/local/share/certs/ca-root-nss.crt capath=/usr/local/share/certs/ cipher=EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:!RC4:!aNULL:!eNULL:!LOW:!3DES:!SHA1:!MD5:!EXP:!PSK:!SRP:!DSS tls-dh=prime256v1:/etc/dh-parameters.2048 options=NO_SSLv3,NO_TLSv1,SINGLE_DH_USE,SINGLE_ECDH_USE
2024/11/17 12:44:10| WARNING: UPGRADE: 'cafile=/usr/local/share/certs/ca-root-nss.crt' is deprecated in http_port. Use 'tls-cafile=' instead.
2024/11/17 12:44:10| WARNING: Failed to decode EC parameters '/etc/dh-parameters.2048'
OpenSSL-saved error #1: 0x1e08010c
2024/11/17 12:44:10| ERROR: Unsupported TLS option SINGLE_DH_USE
2024/11/17 12:44:10| ERROR: Unsupported TLS option SINGLE_ECDH_USE
2024/11/17 12:44:10| Processing: http_port 127.0.0.1:3128 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=10MB cert=/usr/local/etc/squid/serverkey.pem cafile=/usr/local/share/certs/ca-root-nss.crt capath=/usr/local/share/certs/ cipher=EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:!RC4:!aNULL:!eNULL:!LOW:!3DES:!SHA1:!MD5:!EXP:!PSK:!SRP:!DSS tls-dh=prime256v1:/etc/dh-parameters.2048 options=NO_SSLv3,NO_TLSv1,SINGLE_DH_USE,SINGLE_ECDH_USE
2024/11/17 12:44:10| Starting Authentication on port 127.0.0.1:3128
2024/11/17 12:44:10| Disabling Authentication on port 127.0.0.1:3128 (interception enabled)
2024/11/17 12:44:10| WARNING: UPGRADE: 'cafile=/usr/local/share/certs/ca-root-nss.crt' is deprecated in http_port. Use 'tls-cafile=' instead.
2024/11/17 12:44:10| WARNING: Failed to decode EC parameters '/etc/dh-parameters.2048'
OpenSSL-saved error #1: 0x1e08010c
2024/11/17 12:44:10| ERROR: Unsupported TLS option SINGLE_DH_USE
2024/11/17 12:44:10| ERROR: Unsupported TLS option SINGLE_ECDH_USE
2024/11/17 12:44:10| Processing: https_port 127.0.0.1:3129 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=10MB cert=/usr/local/etc/squid/serverkey.pem cafile=/usr/local/share/certs/ca-root-nss.crt capath=/usr/local/share/certs/ cipher=EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:!RC4:!aNULL:!eNULL:!LOW:!3DES:!SHA1:!MD5:!EXP:!PSK:!SRP:!DSS tls-dh=prime256v1:/etc/dh-parameters.2048 options=NO_SSLv3,NO_TLSv1,SINGLE_DH_USE,SINGLE_ECDH_USE
2024/11/17 12:44:10| Starting Authentication on port 127.0.0.1:3129
2024/11/17 12:44:10| Disabling Authentication on port 127.0.0.1:3129 (interception enabled)
2024/11/17 12:44:10| WARNING: UPGRADE: 'cafile=/usr/local/share/certs/ca-root-nss.crt' is deprecated in https_port. Use 'tls-cafile=' instead.
2024/11/17 12:44:10| WARNING: Failed to decode EC parameters '/etc/dh-parameters.2048'
OpenSSL-saved error #1: 0x1e08010c
2024/11/17 12:44:10| ERROR: Unsupported TLS option SINGLE_DH_USE
2024/11/17 12:44:10| ERROR: Unsupported TLS option SINGLE_ECDH_USE
2024/11/17 12:44:10| Processing: icp_port 0
2024/11/17 12:44:10| Processing: digest_generation off
2024/11/17 12:44:10| Processing: dns_v4_first on
2024/11/17 12:44:10| ERROR: Directive 'dns_v4_first' is obsolete.
2024/11/17 12:44:10| dns_v4_first : Remove this line. Squid no longer supports preferential treatment of DNS A records.
2024/11/17 12:44:10| Processing: pid_filename /var/run/squid/squid.pid
2024/11/17 12:44:10| Processing: cache_effective_user squid
2024/11/17 12:44:10| Processing: cache_effective_group proxy
2024/11/17 12:44:10| Processing: error_default_language en
2024/11/17 12:44:10| Processing: icon_directory /usr/local/etc/squid/icons
2024/11/17 12:44:10| Processing: visible_hostname localhost
2024/11/17 12:44:10| Processing: cache_mgr admin@localhost
2024/11/17 12:44:10| Processing: access_log /var/squid/logs/access.log
2024/11/17 12:44:10| Processing: cache_log /var/squid/logs/cache.log
2024/11/17 12:44:10| Processing: cache_store_log none
2024/11/17 12:44:10| Processing: netdb_filename /var/squid/logs/netdb.state
2024/11/17 12:44:10| Processing: pinger_enable on
2024/11/17 12:44:10| Processing: pinger_program /usr/local/libexec/squid/pinger
2024/11/17 12:44:10| Processing: sslcrtd_program /usr/local/libexec/squid/security_file_certgen -s /var/squid/lib/ssl_db -M 4MB -b 2048
2024/11/17 12:44:10| Processing: tls_outgoing_options cafile=/usr/local/share/certs/ca-root-nss.crt
2024/11/17 12:44:10| Processing: tls_outgoing_options capath=/usr/local/share/certs/
2024/11/17 12:44:10| Processing: tls_outgoing_options options=NO_SSLv3,NO_TLSv1,SINGLE_DH_USE,SINGLE_ECDH_USE
2024/11/17 12:44:10| ERROR: Unsupported TLS option SINGLE_DH_USE
2024/11/17 12:44:10| ERROR: Unsupported TLS option SINGLE_ECDH_USE
2024/11/17 12:44:10| Processing: tls_outgoing_options cipher=EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:!RC4:!aNULL:!eNULL:!LOW:!3DES:!SHA1:!MD5:!EXP:!PSK:!SRP:!DSS
2024/11/17 12:44:10| Processing: sslcrtd_children 5
2024/11/17 12:44:10| Processing: logfile_rotate 5
2024/11/17 12:44:10| Processing: debug_options rotate=5
2024/11/17 12:44:10| Processing: shutdown_lifetime 3 seconds
2024/11/17 12:44:10| Processing: acl localnet src 192.168.2.0/24
2024/11/17 12:44:10| Processing: forwarded_for on
2024/11/17 12:44:10| Processing: uri_whitespace strip
2024/11/17 12:44:10| Processing: refresh_pattern -i windowsupdate.com/..(cab|exe|ms[i|u|f|p]|[ap]sf|wm[v|a]|dat|zip|psf) 43200 80% 129600 reload-into-ims
2024/11/17 12:44:10| Processing: refresh_pattern -i microsoft.com/..(cab|exe|ms[i|u|f|p]|[ap]sf|wm[v|a]|dat|zip|psf) 43200 80% 129600 reload-into-ims
2024/11/17 12:44:10| Processing: refresh_pattern -i windows.com/..(cab|exe|ms[i|u|f|p]|[ap]sf|wm[v|a]|dat|zip|psf) 43200 80% 129600 reload-into-ims
2024/11/17 12:44:10| Processing: refresh_pattern -i microsoft.com.akadns.net/..(cab|exe|ms[i|u|f|p]|[ap]sf|wm[v|a]|dat|zip|psf) 43200 80% 129600 reload-into-ims
2024/11/17 12:44:10| Processing: refresh_pattern -i deploy.akamaitechnologies.com/.*.(cab|exe|ms[i|u|f|p]|[ap]sf|wm[v|a]|dat|zip|psf) 43200 80% 129600 reload-into-ims
2024/11/17 12:44:10| Processing: cache_mem 512 MB
2024/11/17 12:44:10| Processing: maximum_object_size_in_memory 1024 KB
2024/11/17 12:44:10| Processing: memory_replacement_policy heap GDSF
2024/11/17 12:44:10| Processing: cache_replacement_policy heap LFUDA
2024/11/17 12:44:10| Processing: minimum_object_size 0 KB
2024/11/17 12:44:10| Processing: maximum_object_size 4 MB
2024/11/17 12:44:10| Processing: cache_dir ufs /var/squid/cache 100 16 256
2024/11/17 12:44:10| Processing: offline_mode off
2024/11/17 12:44:10| Processing: cache_swap_low 90
2024/11/17 12:44:10| Processing: cache_swap_high 95
2024/11/17 12:44:10| Processing: cache allow all
2024/11/17 12:44:10| Processing: refresh_pattern ^ftp: 1440 20% 10080
2024/11/17 12:44:10| Processing: refresh_pattern ^gopher: 1440 0% 1440
2024/11/17 12:44:10| Processing: refresh_pattern -i (/cgi-bin/|?) 0 0% 0
2024/11/17 12:44:10| Processing: refresh_pattern . 0 20% 4320
2024/11/17 12:44:10| Processing: acl allsrc src all
2024/11/17 12:44:10| Processing: acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901 3128 3129 1025-65535
2024/11/17 12:44:10| Processing: acl sslports port 443 563
2024/11/17 12:44:10| Processing: acl purge method PURGE
2024/11/17 12:44:10| Processing: acl connect method CONNECT
2024/11/17 12:44:10| Processing: acl HTTP proto HTTP
2024/11/17 12:44:10| Processing: acl HTTPS proto HTTPS
2024/11/17 12:44:10| Processing: acl step1 at_step SslBump1
2024/11/17 12:44:10| Processing: acl step2 at_step SslBump2
2024/11/17 12:44:10| Processing: acl step3 at_step SslBump3
2024/11/17 12:44:10| Processing: acl allowed_subnets src 192.168.2.1/24 192.168.2.0/24
2024/11/17 12:44:10| WARNING: aclIpParseIpData: Netmask masks away part of the specified IP in '192.168.2.1/24'
2024/11/17 12:44:10| WARNING: (B) '192.168.2.0/24' is a subnetwork of (A) '192.168.2.0/24'
2024/11/17 12:44:10| WARNING: because of this '192.168.2.0/24' is ignored to keep splay tree searching predictable
2024/11/17 12:44:10| WARNING: You should probably remove '192.168.2.0/24' from the ACL named 'allowed_subnets'
2024/11/17 12:44:10| Processing: acl whitelist dstdom_regex -i "/var/squid/acl/whitelist.acl"
2024/11/17 12:44:10| Processing: http_access allow manager localhost
2024/11/17 12:44:10| Processing: http_access deny manager
2024/11/17 12:44:10| Processing: http_access allow purge localhost
2024/11/17 12:44:10| Processing: http_access deny purge
2024/11/17 12:44:10| Processing: http_access deny !safeports
2024/11/17 12:44:10| Processing: http_access deny CONNECT !sslports
2024/11/17 12:44:10| Processing: http_access allow localhost
2024/11/17 12:44:10| Processing: request_body_max_size 0 KB
2024/11/17 12:44:10| Processing: delay_pools 1
2024/11/17 12:44:10| Processing: delay_class 1 2
2024/11/17 12:44:10| Processing: delay_parameters 1 -1/-1 -1/-1
2024/11/17 12:44:10| Processing: delay_initial_bucket_level 100
2024/11/17 12:44:10| Processing: delay_access 1 allow allsrc
2024/11/17 12:44:10| Processing: url_rewrite_program /usr/local/bin/squidGuard -c /usr/local/etc/squidGuard/squidGuard.conf
2024/11/17 12:44:10| Processing: url_rewrite_bypass off
2024/11/17 12:44:10| Processing: url_rewrite_children 16 startup=8 idle=4 concurrency=0
2024/11/17 12:44:10| Processing: http_access allow whitelist
2024/11/17 12:44:10| Processing: acl youtubedst dstdomain -n www.youtube.com m.youtube.com youtubei.googleapis.com youtube.googleapis.com www.youtube-nocookie.com
2024/11/17 12:44:10| Processing: request_header_access YouTube-Restrict deny all
2024/11/17 12:44:10| Processing: request_header_add YouTube-Restrict none youtubedst
2024/11/17 12:44:10| Processing: acl splice_it ssl::server_name .microsoft.com
2024/11/17 12:44:10| Processing: acl splice_it ssl::server_name .windowsupdate.com
2024/11/17 12:44:10| Processing: acl splice_it ssl::server_name .akamaitechnologies.com
2024/11/17 12:44:10| Processing: acl splice_it ssl::server_name .akadns.net
2024/11/17 12:44:10| Processing: acl splice_it ssl::server_name .cloudns.net
2024/11/17 12:44:10| Processing: ssl_bump peek step1
2024/11/17 12:44:10| Processing: acl hasRequest has request
2024/11/17 12:44:10| Processing: access_log daemon:/var/log/squid/access.log hasRequest
2024/11/17 12:44:10| Processing: http_access allow allowed_subnets
2024/11/17 12:44:10| Processing: http_access allow localnet
2024/11/17 12:44:10| Processing: http_access deny allsrc
2024/11/17 12:44:10| WARNING: use of 'reload-into-ims' in 'refresh_pattern' violates HTTP
2024/11/17 12:44:10| Requiring client certificates.
2024/11/17 12:44:10| Loaded signing certificate: /CN=internal-ca/C=TR
2024/11/17 12:44:10| Not requiring any client certificates
2024/11/17 12:44:10| Loaded signing certificate: /CN=internal-ca/C=TR
2024/11/17 12:44:10| Not requiring any client certificates
2024/11/17 12:44:10| Loaded signing certificate: /CN=internal-ca/C=TR
2024/11/17 12:44:10| Not requiring any client certificates