cedspp10
(usa Outra)
Enviado em 19/08/2014 - 12:05h
Estou tentando fazer a leitura do HTTPS para bloquear vários sites e conteúdos que rodam livremente pelo HTTPS.
Já testei vários métodos, mas sempre dá erro de certificado não aceito; instalo o certificado na máquina, mas não resolve.
Já tentei vários métodos, mas continuo na mesma.
Alguém sabe se estou errando em algo?
SQUID.CONF
##########################################################################
# Squid configuration for an intercepting proxy that decrypts HTTPS (SSL-Bump) so that
# URL-based blocking can also be applied to encrypted traffic.
# NOTE(review): Squid 3.1 and later name this mode `intercept`; `transparent` is the older
# spelling - confirm which one this build expects.
http_port 3128 transparent
# key=/cert= are the key pair Squid uses to sign the per-host certificates it generates.
# Browsers will reject those certificates unless cert= is a CA certificate and that same
# certificate is imported into each client's trusted root store - presumably the cause of
# the "certificate not accepted" error; verify.
# The key can sign a certificate for any host name: keep the file readable only by root
# and the Squid user.
https_port 3130 transparent ssl-bump key=/usr/etc/certificados/openssl.key cert=/usr/etc/certificados/openssl.crt
# SSL Bump Config
# Send every request straight to the origin server (no cache peers).
always_direct allow all
# Bump (decrypt) every TLS connection, contacting the origin server first.
# NOTE(review): `all` includes banking, health and similar sites; consider an ACL that
# exempts destinations which must not be decrypted.
ssl_bump server-first all
# The next two lines switch off validation of the origin server's certificate.
# Clients only ever see the certificate generated by Squid, so with these settings an
# invalid or forged upstream certificate goes unnoticed by both the proxy and the user.
# NOTE(review): remove both lines outside a lab so upstream certificate errors are enforced.
sslproxy_cert_error allow all
sslproxy_flags DONT_VERIFY_PEER
# Helper that creates the per-host certificates; -s is its certificate database directory
# and -M the size limit of that database.
# NOTE(review): the database must be initialised (ssl_crtd -c -s <dir>) and writable by
# the cache_effective_user below - confirm.
sslcrtd_program /usr/lib/squid/ssl_crtd -s /var/lib/ssl_db -M 4MB
sslcrtd_children 8 startup=1 idle=1
# Unprivileged account and group Squid runs as.
cache_effective_user proxy
cache_effective_group proxy
visible_hostname SPA_SHIELD # Set the server name
# On-disk and in-memory cache sizing.
cache_dir ufs /var/tmp/squid/cache 8100 16 256
cache_mem 512 MB
cache_swap_low 90
cache_swap_high 95
maximum_object_size 30000 KB
# Log and pid file locations.
# With SSL-Bump active, access.log records the full URLs of decrypted HTTPS requests;
# restrict read access to these logs accordingly.
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
cache_swap_log /var/log/squid/swap.log
pid_filename /var/log/squid/squid.pid
error_directory /usr/share/squid/errors/Portuguese
logformat squid %ts.%03tu %6tr %>a %Ss/%03Hs %<st %rm %ru %un %Sh/%<A %mt
# ACCESS CONTROLS
# -----------------------------------------------------------------------------
# SSL_ports, Safe_ports and CONNECT are defined here but no http_access rule below
# refers to them, so they restrict nothing as written.
acl SSL_ports port 443 563
acl Safe_ports port 80 #http
acl Safe_ports port 21 #ftp
acl Safe_ports port 443 563 #https, snews
acl Safe_ports port 70 #gopher
acl Safe_ports port 210 #wais
acl Safe_ports port 1025-65535 #unregistered ports
acl Safe_ports port 280 #http-mgmt
acl Safe_ports port 488 #gss-http
acl Safe_ports port 591 #filemaker
acl Safe_ports port 777 #multiling http
acl CONNECT method CONNECT
# Case-insensitive URL patterns to block, read from an external file.
acl palavras-block url_regex -i "/etc/squid/files/palavras-block.conf"
# Content-type ACLs; none of them is used by an access rule in this file.
# NOTE(review): req_mime_type matches the Content-Type of the request, not of the reply;
# filtering downloads by type is normally done with rep_mime_type and http_reply_access.
acl mp3 req_mime_type -i ^audio/mpeg$
acl msn req_mime_type -i ^application/x-msn-messenger$
acl zip req_mime_type -i ^application/x-zip-compressed$
acl exe req_mime_type -i ^application/octet-stream$
acl jpeg req_mime_type -i ^image/jpeg$
acl bmp req_mime_type -i ^image/bmp$
acl javascript req_mime_type -i ^application/x-javascript$
# Rules are evaluated top to bottom; the first match decides.
http_access deny palavras-block
# Everything not matched above is allowed, for any client, port and method - the proxy is
# open to whoever can reach it.
# NOTE(review): the usual hardening is to deny !Safe_ports and CONNECT !SSL_ports, allow
# only an ACL that describes the internal network, and finish with `http_access deny all`.
http_access allow all
##############################################################################
SQUID 3.3.3 COMPILADO USANDO A LINHA SEGUINTE:
#######################################################################
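# Build configuration for Squid 3.3.3, one option per line.
# --enable-ssl and --enable-ssl-crtd compile in SSL-Bump and the ssl_crtd certificate
# helper; --enable-linux-netfilter and --enable-ipf-transparent provide interception support.
# The stray spaces inside --with-pidfile, --enable-removal-policies,
# --enable-external-acl-helpers and --enable-auth-ntlm were removed: with the space each
# of them reached configure as two separate, meaningless arguments.
# --enable-snmp appears twice, as in the original command line.
./configure \
  --prefix=/usr \
  --localstatedir=/var \
  --srcdir=. \
  --includedir=/usr/include \
  --datadir=/usr/share/squid \
  --bindir=/usr/sbin \
  --libexecdir=/usr/lib/squid \
  --with-logdir=/var/log \
  --with-pidfile=/var/run/squid.pid \
  --enable-delay-pools \
  --enable-ssl \
  --enable-ssl-crtd \
  --enable-ipf-transparent \
  --enable-linux-netfilter \
  --enable-eui \
  --enable-snmp \
  --enable-err-language="Portuguese" \
  --enable-default-err-language="Portuguese" \
  --enable-storeio="aufs,diskd,ufs" \
  --enable-snmp \
  --enable-removal-policies="heap,lru" \
  --enable-cache-digests \
  --enable-underscores \
  --enable-auth-digest="file,LDAP,eDirectory" \
  --enable-external-acl-helpers="file_userip,unix_group,wbinfo_group,kerberos_ldap_group,LDAP_group,SQL_session,AD_group,LM_group,session" \
  --enable-auth-ntlm="fake,smb_lm,SSPI" \
  --enable-auth-negotiate="kerberos,SSPI,wrapper" \
  --enable-auth-basic="getpwnam,NCSA,MSNT,PAM,LDAP,RADIUS,fake,DB" \
  --enable-auth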
#######################################################################
Obrigado e grande abraço.