SQUID proxy wont work HTTPS? SOLVED



  • Hi,
    I was wondering if someone else has had this issue before. As this is not my first time installing WPAD i have been scratching my head on why its not working.  A put a new install of 2.3.5 with squid and squidguard. Whats odd is that the wpad is works and it finds it if i put http://wpad.mydomain.local/wpad.dat and it downloads the file what the wierd part is that https wont work but i see on the log its filtering only works http I have no idea why.

    These are the steps i took.

    1. first install squid and squidguard then turn it on  and reboot

    2)  then create proxy.pac  and put it in  /usr/local/www/

    function FindProxyForURL(url, host) {
    //proxy  wpad.mydomain.local:3128 == 192.168.10.251:3128;
    var wpad = "PROXY wpad.mydomain.local:3128";
    host = host.toLowerCase();
    var hostIP = dnsResolve(host);
    if (hostIP == 0) return wpad; 
    if (isPlainHostName(host)) return "DIRECT";
    if (shExpMatch(host, ".local")) return "DIRECT";
    //mi dominio mydomain.local;
    if (shExpMatch(host, ".casa.local")) return "DIRECT";
    //redes privadas;
    if (isInNet(dnsResolve(host), "127.0.0.0", "255.0.0.0")) return "DIRECT";
    if (isInNet(dnsResolve(host), "10.0.0.0", "255.0.0.0")) return "DIRECT";
    if (isInNet(dnsResolve(host), "10.0.0.0", "255.255.0.0")) return "DIRECT";
    if (isInNet(dnsResolve(host), "10.0.0.0", "255.255.255.0")) return "DIRECT";
    //end mi red privada;
    if (isInNet(dnsResolve(host), "192.168.0.0", "255.255.0.0")) return "DIRECT";
    if (isInNet(dnsResolve(host), "192.168.0.0", "255.255.255.0")) return "DIRECT";
    if (isInNet(dnsResolve(host), "172.16.0.0", "255.240.0.0")) return "DIRECT";
    if (shExpMatch(host, "fe80::*")) return "DIRECT";
    if (shExpMatch(url, "http:*")) return wpad;
    if (shExpMatch(url, "https:*")) return wpad;
    return wpad;
    }
    
    

    then i would go to /usr/local/etc/nginx/mime.types

    and add this

    application/x-ns-proxy-autoconfig     pac;
    application/x-ns-proxy-autoconfig     dat;
    application/x-ns-proxy-autoconfig     da;
    
    

    Then on dns resolver create a host override (see picture)

    then create sym link

    ln -s /usr/local/www/proxy.pac /usr/local/www/wpad.dat
    
    ln -s /usr/local/www/proxy.pac /usr/local/www/wpad.da
    

    Then on the LAN create the rules ( see picture)

    the WPAD part was already implemented before using 2.2.4 on a windows server which runs the DNS and DHCP so i know thats not the issue

    Thank you









  • ??? Your squidguard table seems to think https is working.



  • I know thats whats odd. i just uninstalled squidguard updated to 2.4 and no dice either. any other ideas?



  • Can you describe the nature of the actual problem?  Timeouts, error messages…?



  • Thanks for the reply, the timeout error is that it cannot find proxy, when it i clearly put it in as it does not respond to it. I check the logs and is see that the proxy is working, the weirdest thing i have ever seen.

    Thank you






  • Can you show the access.log when that client is actually making a request through the proxy?  All it show now is you talking to WebGUI.  Do you have IPv6 enabled?



  • Thanks for the reply, im attaching the  file,  and no IPV6

    access.txt



  • Sorry for the delay, I have the flu.  Squid looks like it’s working.  Your access.log is full of valid connection info, lots of https connections.

    What specifically is making you believe that https isn’t working?



  • Dont worry hope you get better “winter is coming” but what did the trick was ticking Resolve DNS IPv4 First with that it worked everything so odd i have never seen this before

    Thank you


 

© Copyright 2002 - 2018 Rubicon Communications, LLC | Privacy Policy