• Status: Solved
  • Priority: Medium
  • Security: Public

Squid proxy - https and ftp not working

Hey

I have set up a Squid3 proxy on a Debian 5 server. It all works fine, except I can't get HTTPS and FTP to work through it. I have searched and I have tried a few suggestions/solutions but I am getting nowhere.

I have tried adding the following lines to squid.conf:
acl FTP proto FTP
always_direct allow FTP
acl HTTPS proto HTTPS
always_direct allow HTTPS

But it doesn't work. I also added the following line:
https_port 443

It then gives me a "cannot find SSL certificate" error and it still doesn't work.

Below is my current squid.conf. Does anyone have any suggestions on how to get HTTPS and FTP working for my Squid?
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
acl purge method PURGE
acl CONNECT method CONNECT
acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl localnet src 10.47.134.0/24 10.47.135.0/24
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access allow !Safe_ports
http_access allow CONNECT !SSL_ports
http_access allow localhost
http_access allow localnet
http_access deny all
http_reply_access allow all
icp_access allow all
htcp_access allow all
http_port 3128 transparent
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
cache_dir ufs /var/spool/squid 48332 64 256
access_log /usr/local/squid/var/logs/access.log squid
refresh_pattern ^ftp:           1440    20%     10080 override-expire
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern (cgi-bin|\?)    0       0%      0
refresh_pattern .               0       20%     4320
cache_effective_user squid
icp_port 3130
coredump_dir /usr/local/squid/var/cache
cache_effective_group squid
cache_mem 1434 MB
maximum_object_size 30 MB

Rigged (Author) Commented:
Looks like I will have to give myself the points for this one :P

I found that my problem wasn't anything to do with the Squid configuration as such and was actually iptables on the Squid/Debian server.

I found a proxy/iptables script on http://www.cyberciti.biz/tips/linux-setup-transparent-proxy-squid-howto.html (a very nice and simple Squid setup how-to), edited it to suit my network and setup, and ran the script. After I ran the script I ensured that the rules were saved and bingo, FTP and HTTPS were working.
 
Kamran Arshad Commented:
Hi,

Is your squid implemented as a transparent proxy?
 
Rigged (Author) Commented:
Hey. Yeah, it is a transparent proxy.

http_port 3128 transparent
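
Added example (not part of the original thread): the squid.conf in the question has `http_access allow !Safe_ports` and `http_access allow CONNECT !SSL_ports`, where Squid's stock configuration uses `deny` for both, and because they sit above the `localnet` rule they are evaluated first for every client. The sketch below is a simplified model of Squid's first-match `http_access` evaluation, run over the posted rules and over a corrected copy. The function names, the `HARDENED` variant and the two sample requests are assumptions constructed for this illustration.

```python
import ipaddress

# http_access-relevant lines from the squid.conf in the question
# (the Safe_ports entries are condensed onto one line).
POSTED = """\
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl purge method PURGE
acl CONNECT method CONNECT
acl SSL_ports port 443
acl Safe_ports port 80 21 443 70 210 1025-65535 280 488 591 777
acl localnet src 10.47.134.0/24 10.47.135.0/24
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access allow !Safe_ports
http_access allow CONNECT !SSL_ports
http_access allow localhost
http_access allow localnet
http_access deny all
"""
# Same rules with the two port checks as "deny", as in Squid's stock config.
HARDENED = POSTED.replace("allow !Safe", "deny !Safe").replace("allow CONNECT", "deny CONNECT")

def parse(conf):
    acls, rules = {"all": ("src", ["0.0.0.0/0"])}, []
    for tok in (line.split() for line in conf.splitlines() if line.strip()):
        if tok[0] == "acl":
            acls.setdefault(tok[1], (tok[2], []))[1].extend(tok[3:])
        elif tok[0] == "http_access":
            rules.append((tok[1], tok[2:]))
    return acls, rules

def acl_matches(acls, name, req):
    kind, vals = acls[name]
    if kind == "src":
        return any(ipaddress.ip_address(req["src"]) in ipaddress.ip_network(v) for v in vals)
    if kind == "port":
        return any(int(v.split("-")[0]) <= req["port"] <= int(v.split("-")[-1]) for v in vals)
    return req[kind] in vals  # "method" and "proto" ACLs

def decide(conf, req):
    """Return (action, rule) for the first http_access line whose ACLs all match."""
    acls, rules = parse(conf)
    for action, names in rules:
        if all(acl_matches(acls, n.lstrip("!"), req) != n.startswith("!") for n in names):
            return action, " ".join(names)
    return ("deny" if rules[-1][0] == "allow" else "allow"), "(default)"

# Constructed requests: 192.0.2.10 is outside localnet, 10.47.134.5 is inside it.
OUTSIDE = {"src": "192.0.2.10", "method": "CONNECT", "port": 8443, "proto": "http"}
INSIDE = {"src": "10.47.134.5", "method": "CONNECT", "port": 443, "proto": "http"}
```

Calling `decide(POSTED, OUTSIDE)` shows the outside client being allowed by `CONNECT !SSL_ports` before the `localnet` check is reached, while `decide(HARDENED, INSIDE)` shows that HTTPS from the LAN is still allowed once both rules are `deny`.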