Squid3 0.3.9.2 with SSL-Man-In-the-Middle-Filtering not working



  • I am using pfSense 2.2.4-RELEASE (amd64) with  Squid3 ver. 0.3.9.2 and squidGuard ver. 1.9.15.

    But when i enable SSL Man in the middle filtering, squid service  is stopped and does not work.

    Please suggest.

    Thanks in advance.


  • Banned

    Considering I did go through the hops of putting a descriptive log_error() message just about on every damned step that happens on Squid reconfiguration that's shown in System Logs - General, I find the immense amount of information posted here absolutely amazing.

    Your suggestion can be found here.



  • I am getting the following in the system log:

    –-------------------------------------------------

    php-fpm[32201]: /rc.start_packages: The command '/usr/pbi/squid-amd64/sbin/squid -f /usr/pbi/squid-amd64/local/etc/squid/squid.conf' returned exit code '1', the output was '2015/10/17 15:28:30| FATAL: tproxy/intercept on https_port requires ssl-bump which is missing. FATAL: Bungled /usr/pbi/squid-amd64/local/etc/squid/squid.conf line 6: https_port 127.0.0.1:3127 intercept Squid Cache (Version 3.4.10): Terminated abnormally. CPU Usage: 0.016 seconds = 0.016 user + 0.000 sys Maximum Resident Size: 46528 KB Page faults with physical i/o: 0'

    –-------------------------------------------------


  • Banned

    Kindly make sure you select "localhost" your LAN(s) on the "SSL Intercept Interface(s)".



  • In SSL Intercept Interfaces, its LAN, WAN and Loopback options. I selected Loopback but still does not work.



  • You have to select lan.



  • My suggestion is uninstall the package and download it again (latest version of squid)


  • Banned

    @exograpix:

    You have to select lan.

    Thanks, fixed above…

    @OP: The interfaces MUST match. You have some wild mixture of Proxy Interface(s) vs. Transparent Proxy Interface(s) vs. SSL Intercept Interface(s). Make sure the thing match each other.


Log in to reply