LINUX.ORG.RU

Posts by Programensh

 

Squid error

Forum — Admin

I need help: Squid3 shows this error: The ssl_crtd helpers are crashing too rapidly, need help! What should I do?


http_port               10.0.0.2:8080       accel
http_port               10.0.0.2:3128       

http_port               192.168.2.2:8080    accel
http_port               192.168.2.2:3128    
#= for Frontends:
http_port               127.0.0.1:3128

http_port               192.168.2.2:4443    ssl-bump    \
                        generate-shost-certificates=on   \
                      dynamic_cert_mem_cache_size=4MB \
                      cert=/etc/squid3/squidCA.pem    \
                       key=/etc/squid3/squidCA.pem     \
                       connection-auth=off             \
                       sslflags=NO_DEFAULT_CA

http_port               10.0.0.2:4443    ssl-bump       \
                       generate-host-certificates=on   \
                        dynamic_cert_mem_cache_size=4MB \
                       cert=/etc/squid3/squidCA.pem    \
                       key=/etc/squid3/squidCA.pem     \
                        connection-auth=off             \
                        sslflags=NO_DEFAULT_CA

sslproxy_flags          DONT_VERIFY_PEER
sslproxy_cert_error     allow all
always_direct           allow all
ssl_bump client-first   all
ssl_bump                none all
#sslcrtd_program         /usr/lib/squid3/ssl_crtd -s /etc/squid3/ssldb/certs -M 4MB

pid_filename            /var/run/squid.pid
hosts_file              /etc/hosts
error_directory         /usr/share/squid3/errors/templates
visible_hostname        none
dns_nameservers         77.88.8.7


tcp_outgoing_address    192.168.2.2 all
dns_v4_first            on

#logfile_rotate          1
#access_log              stdio:/var/log/squid3/access.log squid
#cache_store_log         stdio:/var/log/squid3/store.log
#cache_log               /var/log/squid3/cache.log

#logfile_daemon          /usr/lib/squid3/log_file_daemon
cache_mem                           512 MB
maximum_object_size                 512 KB
maximum_object_size_in_memory   512 KB
memory_replacement_policy       heap    GDSF
request_header_access           X-Forwarded-For deny    all
request_header_access           Via             deny    all
request_header_access           Cache-Control   deny    all
follow_x_forwarded_for                                  allow   all
acl_uses_indirect_client                on
delay_pool_uses_indirect_client on
log_uses_indirect_client                on
forwarded_for                   on

redirect_program        /usr/bin/squidGuard     -c /etc/squid3/squidGuard.conf
redirect_children       16
redirector_bypass       on

 

Programensh

Asking for help configuring a certificate in Squid 3.4.8

Forum — Admin

Squid3 is configured, but it still does not block access over https in browsers; it says the SHA-1 certificate is not valid, and I don't even know what to do in this situation. I'm hoping for help from experienced people.


Programensh

Configuring Proxy-Server

Forum — Admin

I need help! How do I add 192.168.2.2:3128 to the list of local addresses?

login as: accept
accept@192.168.2.2's password:

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Thu Jan 10 15:35:44 2019 from 192.168.2.111
accept@Proxy-Server:~$ mc

accept@Proxy-Server:~$ netstat -tulpn
(No info could be read for "-p": geteuid()=1001 but you should be root.)
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 192.168.2.2:80          0.0.0.0:*               LISTEN      -
tcp        0      0 192.168.2.2:8081        0.0.0.0:*               LISTEN      -
tcp        0      0 10.0.0.2:53             0.0.0.0:*               LISTEN      -
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      -
tcp        0      0 192.168.2.2:61016       0.0.0.0:*               LISTEN      -
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      -
tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN      -
tcp        0      0 192.168.2.2:4000        0.0.0.0:*               LISTEN      -
udp        0      0 10.0.0.2:53             0.0.0.0:*                           -
udp        0      0 127.0.0.1:53            0.0.0.0:*                           -
udp        0      0 0.0.0.0:67              0.0.0.0:*                           -
udp        0      0 127.0.0.1:18120         0.0.0.0:*                           -
udp        0      0 192.168.2.2:1812        0.0.0.0:*                           -
udp        0      0 192.168.2.2:1813        0.0.0.0:*                           -
udp        0      0 0.0.0.0:49466           0.0.0.0:*                           -

P.S. I'm just a beginner at this.


Programensh

Help for a beginner

Forum — Admin

I'm trying to reconfigure Squid3 for a proxy server so that sites can be blocked on several computers in an institution. I found an old Squid3 configuration file and don't know what to do. Thanks in advance.

== Global options:===============

== Listen ports: ================
http_port               10.0.0.2:8080       accel
http_port               10.0.0.2:3128

http_port               192.168.2.2:8080    accel
http_port               192.168.2.2:3128
#= for Frontends:
http_port               127.0.0.1:3128


== SSL Bump: ====================
http_port               192.168.2.2:4443    ssl-bump    \
                        generate-host-certificates=on   \
                        dynamic_cert_mem_cache_size=4MB \
                        cert=/etc/squid3/squidCA.pem    \
                        key=/etc/squid3/squidCA.pem     \
                        connection-auth=off             \
                        sslflags=NO_DEFAULT_CA

http_port               10.0.0.2:4443    ssl-bump       \
                        generate-host-certificates=on   \
                        dynamic_cert_mem_cache_size=4MB \
                        cert=/etc/squid3/squidCA.pem    \
                        key=/etc/squid3/squidCA.pem     \
                        connection-auth=off             \
                        sslflags=NO_DEFAULT_CA

sslproxy_flags          DONT_VERIFY_PEER
sslproxy_cert_error     allow all
always_direct           allow all
ssl_bump client-first   all
ssl_bump                none all
sslcrtd_program         /usr/lib/squid3/ssl_crtd -s /etc/squid3/ssldb/certs -M 4MB


== Systems: =====================
pid_filename            /var/run/squid.pid
hosts_file              /etc/hosts
error_directory         /usr/share/squid3/errors/templates
visible_hostname        none
dns_nameservers         77.88.8.7


#== IPv6 bullshit: ===============
tcp_outgoing_address    192.168.2.2 all
dns_v4_first            o



#== Logging: =====================
logfile_rotate          1
access_log              stdio:/var/log/squid3/access.log squid
cache_store_log         stdio:/var/log/squid3/store.log
cache_log               /var/log/squid3/cache.log

logfile_daemon          /usr/lib/squid3/log_file_daemon

#== Squid Cache: =================
cache_mem                           512 MB
maximum_object_size                 512 KB
maximum_object_size_in_memory   512 KB
memory_replacement_policy       heap    GDSF

#== Elite anonomising: ===========
request_header_access           X-Forwarded-For deny    all
request_header_access           Via             deny    all
request_header_access           Cache-Control   deny    all
follow_x_forwarded_for                                  allow   all
acl_uses_indirect_client                on
delay_pool_uses_indirect_client on
log_uses_indirect_client                on
forwarded_for                   on


== SquidGuard:===================
redirect_program        /usr/bin/squidGuard     -c /etc/squid3/squidGuard.conf
redirect_children       16
redirector_bypass       on



== Squid ACL: ===============================================================

= White ports: ========
acl     Allow-port      port    20 21 25 80 110 143 443 456 993 995 1935 8000 8008 8080 8081


#= Mothods: ============
acl     purge           method  PURGE
acl     CONNECT         method  CONNECT



= Networks: ===========
acl     localnet            src     192.168.2.0/24
acl     dhcpnet             src     10.0.0.0/24
acl     DanseGuardian       src     127.0.0.1/32


= Users: ==============
acl     System          src     "/etc/squid3/users/system.list"

acl     Library-215     src             "/etc/squid3/users/library-215.list"
acl     Library-218     src             "/etc/squid3/users/library-218.list"

acl     Langlab         src             "/etc/squid3/users/students-402-3.list"

acl     Class-1         src             "/etc/squid3/users/students-109-1.list"
acl     Class-2         src             "/etc/squid3/users/students-111-1.list"
acl     Class-3         src             "/etc/squid3/users/students-112-1.list"
acl     Class-4         src             "/etc/squid3/users/students-116-1.list"
acl     Class-5         src             "/etc/squid3/users/students-26-2.list"



= Squid Lists: ========
acl     System-List     dstdomain   "/etc/squid3/lists/system.list"
acl     Access-List     dstdomain   "/etc/squid3/lists/access.list"
acl     SSL-List        dstdomain   "/etc/squid3/lists/ssl.list"
acl     Blocks-List     dstdomain   "/etc/squid3/lists/deny.list"

acl     mism_cert       dstdomain   -i "/etc/squid3/lists/mism_ssl"


http_access         allow    DanseGuardian
http_access         allow    all

= SSL Proxy: ==============
sslproxy_cert_error         allow               mism_cert
sslproxy_cert_adapt         setCommonName       ssl::certDomainMismatch


= System & Staff access: ==
http_access     allow       System              all

#http_access     allow       Staff               Blocks-List
#http_access     allow       Staff               all
http_access      allow      System              System-List
#http_access     allow       Staff               System-List

http_access     allow       Library-215         System-List
http_access     allow       Library-218         System-List
http_access     allow       Langlab             System-List

http_access     allow       Class-1             System-List
http_access     allow       Class-2             System-List
http_access     allow       Class-3             System-List
http_access     allow       Class-4             System-List
http_access     allow       Class-5             System-List

= Black lists: ============
http_access     allow        Library-215         Blocks-List
http_access     allow        Library-218         Blocks-List
http_access     allow        Langlab             Blocks-List

http_access     allow        Class-1             Blocks-List
http_access     allow        Class-2             Blocks-List
http_access     allow        Class-3             Blocks-List
http_access     allow        Class-4             Blocks-List
http_access     allow        Class-5             Blocks-List


= White lists: ============
http_access     allow       Library-215         Access-List
http_access     allow       Library-218         Access-List
http_access     allow       Langlab             Access-List

http_access     allow       Class-1             Access-List
http_access     allow       Class-2             Access-List
http_access     allow       Class-3             Access-List
http_access     allow       Class-4             Access-List
http_access     allow       Class-5             Access-List


= White SSL lists: ========
http_access     allow       Library-215         SSL-List
http_access     allow       Library-218         SSL-List
http_access     allow       Langlab             SSL-List

http_access     allow       Class-1             SSL-List
http_access     allow       Class-2             SSL-List
http_access     allow       Class-3             SSL-List
http_access     allow       Class-4             SSL-List
http_access     allow       Class-5             SSL-List

http_access     allow       all                 SSL-List

=== Port control: ===========
http_access     allow       Allow-port          Library-215
http_access     allow       Allow-port          Library-218

http_access     allow       Allow-port          Langlab
http_access     allow       Allow-port          Class-1
http_access     allow       Allow-port          Class-2
http_access     allow       Allow-port          Class-3
http_access     allow       Allow-port          Class-4
http_access     allow       Allow-port          Class-5
http_access     allow       Allow-port


Programensh

Proxy server refuses to accept connections

Forum — Admin

The situation is this: I'm trying to configure the squid3 network filter, and it seems to work and shows that there are no errors in the commands. As soon as I try to restart Squid, no computer can connect to the proxy server, but if the proxy is turned off, the network works! Could you tell me what to do in this case?

 

Programensh