Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Squid3 0.3.9.2 with SSL-Man-In-the-Middle-Filtering not working

    Scheduled Pinned Locked Moved Cache/Proxy
    8 Posts 3 Posters 2.3k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      shersinghrawat
      last edited by

      I am using pfSense 2.2.4-RELEASE (amd64) with  Squid3 ver. 0.3.9.2 and squidGuard ver. 1.9.15.

      But when i enable SSL Man in the middle filtering, squid service  is stopped and does not work.

      Please suggest.

      Thanks in advance.

      1 Reply Last reply Reply Quote 0
      • D
        doktornotor Banned
        last edited by

        Considering I did go through the hops of putting a descriptive log_error() message just about on every damned step that happens on Squid reconfiguration that's shown in System Logs - General, I find the immense amount of information posted here absolutely amazing.

        Your suggestion can be found here.

        1 Reply Last reply Reply Quote 0
        • S
          shersinghrawat
          last edited by

          I am getting the following in the system log:

          –-------------------------------------------------

          php-fpm[32201]: /rc.start_packages: The command '/usr/pbi/squid-amd64/sbin/squid -f /usr/pbi/squid-amd64/local/etc/squid/squid.conf' returned exit code '1', the output was '2015/10/17 15:28:30| FATAL: tproxy/intercept on https_port requires ssl-bump which is missing. FATAL: Bungled /usr/pbi/squid-amd64/local/etc/squid/squid.conf line 6: https_port 127.0.0.1:3127 intercept Squid Cache (Version 3.4.10): Terminated abnormally. CPU Usage: 0.016 seconds = 0.016 user + 0.000 sys Maximum Resident Size: 46528 KB Page faults with physical i/o: 0'

          –-------------------------------------------------

          1 Reply Last reply Reply Quote 0
          • D
            doktornotor Banned
            last edited by

            Kindly make sure you select "localhost" your LAN(s) on the "SSL Intercept Interface(s)".

            1 Reply Last reply Reply Quote 0
            • S
              shersinghrawat
              last edited by

              In SSL Intercept Interfaces, its LAN, WAN and Loopback options. I selected Loopback but still does not work.

              1 Reply Last reply Reply Quote 0
              • E
                exograpix
                last edited by

                You have to select lan.

                1 Reply Last reply Reply Quote 0
                • E
                  exograpix
                  last edited by

                  My suggestion is uninstall the package and download it again (latest version of squid)

                  1 Reply Last reply Reply Quote 0
                  • D
                    doktornotor Banned
                    last edited by

                    @exograpix:

                    You have to select lan.

                    Thanks, fixed above…

                    @OP: The interfaces MUST match. You have some wild mixture of Proxy Interface(s) vs. Transparent Proxy Interface(s) vs. SSL Intercept Interface(s). Make sure the thing match each other.

                    1 Reply Last reply Reply Quote 0
                    • First post
                      Last post
                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.