SQUID proxy wont work HTTPS? SOLVED

killmasta93

Hi,
I was wondering if someone else has had this issue before. As this is not my first time installing WPAD i have been scratching my head on why its not working.  A put a new install of 2.3.5 with squid and squidguard. Whats odd is that the wpad is works and it finds it if i put http://wpad.mydomain.local/wpad.dat and it downloads the file what the wierd part is that https wont work but i see on the log its filtering only works http I have no idea why.

These are the steps i took.

1. first install squid and squidguard then turn it on  and reboot

2)  then create proxy.pac  and put it in  /usr/local/www/

function FindProxyForURL(url, host) {
//proxy  wpad.mydomain.local:3128 == 192.168.10.251:3128;
var wpad = "PROXY wpad.mydomain.local:3128";
host = host.toLowerCase();
var hostIP = dnsResolve(host);
if (hostIP == 0) return wpad; 
if (isPlainHostName(host)) return "DIRECT";
if (shExpMatch(host, ".local")) return "DIRECT";
//mi dominio mydomain.local;
if (shExpMatch(host, ".casa.local")) return "DIRECT";
//redes privadas;
if (isInNet(dnsResolve(host), "127.0.0.0", "255.0.0.0")) return "DIRECT";
if (isInNet(dnsResolve(host), "10.0.0.0", "255.0.0.0")) return "DIRECT";
if (isInNet(dnsResolve(host), "10.0.0.0", "255.255.0.0")) return "DIRECT";
if (isInNet(dnsResolve(host), "10.0.0.0", "255.255.255.0")) return "DIRECT";
//end mi red privada;
if (isInNet(dnsResolve(host), "192.168.0.0", "255.255.0.0")) return "DIRECT";
if (isInNet(dnsResolve(host), "192.168.0.0", "255.255.255.0")) return "DIRECT";
if (isInNet(dnsResolve(host), "172.16.0.0", "255.240.0.0")) return "DIRECT";
if (shExpMatch(host, "fe80::*")) return "DIRECT";
if (shExpMatch(url, "http:*")) return wpad;
if (shExpMatch(url, "https:*")) return wpad;
return wpad;
}

then i would go to /usr/local/etc/nginx/mime.types

and add this

application/x-ns-proxy-autoconfig     pac;
application/x-ns-proxy-autoconfig     dat;
application/x-ns-proxy-autoconfig     da;

Then on dns resolver create a host override (see picture)

then create sym link

ln -s /usr/local/www/proxy.pac /usr/local/www/wpad.dat

ln -s /usr/local/www/proxy.pac /usr/local/www/wpad.da

Then on the LAN create the rules ( see picture)

the WPAD part was already implemented before using 2.2.4 on a windows server which runs the DNS and DHCP so i know thats not the issue

Thank you

KOM

??? Your squidguard table seems to think https is working.

killmasta93

I know thats whats odd. i just uninstalled squidguard updated to 2.4 and no dice either. any other ideas?

KOM

Can you describe the nature of the actual problem?  Timeouts, error messages…?

killmasta93

Thanks for the reply, the timeout error is that it cannot find proxy, when it i clearly put it in as it does not respond to it. I check the logs and is see that the proxy is working, the weirdest thing i have ever seen.

Thank you

KOM

Can you show the access.log when that client is actually making a request through the proxy?  All it show now is you talking to WebGUI.  Do you have IPv6 enabled?

killmasta93

Thanks for the reply, im attaching the  file,  and no IPV6

access.txt

KOM

Sorry for the delay, I have the flu.  Squid looks like it's working.  Your access.log is full of valid connection info, lots of https connections.

What specifically is making you believe that https isn't working?

killmasta93

Dont worry hope you get better "winter is coming" but what did the trick was ticking Resolve DNS IPv4 First with that it worked everything so odd i have never seen this before

Thank you