I used to curse this proxy unless I have watched this video)) I wasn't able to configure HTTPS...And now your video makes things clear, Squid works properly!!! Thank you, very good tutorial! P.S. Your speech is very clear. Though English is not my mother tongue, I understood every word:)
This is the best tutorial! After adding intercept just after both http_port 3128 and https_port 3129, I got the following error when I attempt to restart the squid server: "kid1 | ERROR: No forward-proxy ports configured."
In squid 4.13 edit port config as follow, intercalarily set iptables rules same as tutorial (80 to 3128 and 443 to 3129). Also, rows contain 3128, and 3129 ports won't be changed. I just add a row contains 3127 on top of all http ports. It works charmingly! http_port 3127 ssl-bump cert=/usr/local/squid/etc/ssl_cert/myCA.pem generate-host-certificates=on dynamic_cert_mem_cache_size=4MB http_port 3128 intercept https_port 3129 intercept ssl-bump cert=/usr/local/squid/etc/ssl_cert/myCA.pem generate-host-certificates=on dynamic_cert_mem_cache_size=4MB
I got this error dh_apparmor --profile-name=usr.sbin.squid -psquid make: dh_apparmor: Command not found debian/rules:70: recipe for target 'install/squid' failed make: *** [install/squid] Error 127 dpkg-buildpackage: error: fakeroot debian/rules binary subprocess returned exit status 2 what should I do now ?
What needs to be configured for http_proxy and https_proxy variables for browser to route traffic to proxy... This is not mentioned in video... Can someone answer
To anyone that's stuck on this too, wth squid versions 4.x and above, the ssl_crtd is renamed to security_file_certgen. Just replace ssl_crtd with security_file_certgen in the command he shows and you should be good! Also, following your exact instruction, no sites allow me to access. In the access log, it shows TCP_DENIED_ABORTED. I cannot get passed it. I tried lots of different configurations and firewall options. Disables iptables and ufw and still won't work. I feel that there is a bug in squid version 4.10. Anyone please let me know if you have the same issue and if you fixed it. What did you do?
First of all Holly f**k, thank you, i dont know why i didnt find this earlier. Now Squid is in version 4.13, and hes command needs the "-M" parameter. This worked out for me: sudo /usr/lib/squid/security_file_certgen -c -s /var/lib/ssl_db -M 4MB In access.log i dont get that error of yours (TCP_DENIED_ABORTED), but I get "no forward proxy ports configured" in cache.log
Thank you very much!! Very good tutorial and it work perfectly!! But I've got a problem with client apps like dropbox, google drive, whatsapp web, etc. They're not working :'( Could you help me? Any way of adding a exclusion on squid or iptables for these client apps to skip proxy?
Dope tutorial man!!! as at now I am working on injecting banners to t-proxied webpages. Could you offer a revelation on this. Again, I commend you on the outstanding content, it's ,short, brief & concise..
ran in to an error, 'apt source squid' prints this: E: You must put some 'deb-src' URIs in your sources.list¨ *Edit on ubuntu 20.4 this problem is solved by "sudo nano /etc/apt/sources.list" and commenting in the "deb-src" lines
Hi There, Can you help me to restrict POST method on http and https via Squid proxy on CentOS 7. So that, user can not send attached file or upload file to Website sharing, Dropbox, Onedrive.... Thanks in advance Tri Le
Hello, first of all, thaks so much for this tutorial, so usefull. I have had some issue, in line command: "openssl x509 -in myCA.pem -outform DER -out myCA.der" , a mesage has ocurred: unable to load certificate. Could you please help me? Thanks again..
Hi nice video keep it up you awesome 👍. Kindly tel me please I really need this one "how do I configure squid ssl for (https) in centos 6" please tell me thanks so much
Hello, Thanks for the video and I subscribe. I try to do it but I can not do it, I still get the error of hsts, I install the certificate generated in the client and nothing. Could someone try it recently? Excuse me for my English.
Transparent means “no proxy config at client”. The steps to import the CA cert are needed to avoid the “not secure connection” warning (basically this is a MITM). The transparent proxy is working properly.
I used to curse this proxy unless I have watched this video)) I wasn't able to configure HTTPS...And now your video makes things clear, Squid works properly!!! Thank you, very good tutorial!
P.S. Your speech is very clear. Though English is not my mother tongue, I understood every word:)
Hello man, you just saved my life and my all class love you. Hope you have a great life
This is the best tutorial!
After adding intercept just after both http_port 3128 and https_port 3129, I got the following error when I attempt to restart the squid server:
"kid1 | ERROR: No forward-proxy ports configured."
In squid 4.13 edit port config as follow, intercalarily set iptables rules same as tutorial (80 to 3128 and 443 to 3129).
Also, rows contain 3128, and 3129 ports won't be changed. I just add a row contains 3127 on top of all http ports.
It works charmingly!
http_port 3127 ssl-bump cert=/usr/local/squid/etc/ssl_cert/myCA.pem generate-host-certificates=on dynamic_cert_mem_cache_size=4MB
http_port 3128 intercept
https_port 3129 intercept ssl-bump cert=/usr/local/squid/etc/ssl_cert/myCA.pem generate-host-certificates=on dynamic_cert_mem_cache_size=4MB
@@onurtural7424I can't believe I found the solution on a youtube video comment. It worked like a charm. Thank you so much for doing God's work haha
Worked Like Charm. Thanks for the video.
Awesome. Thanks a lot SysEng Quick. Subscribed.
Thank you for this awesome Setup-Tutorial :) More of it pls !!!
Very Good Tutorial, Thanks Very Much.
Thanks.
Hi I tried to initialize ssl_db however I'm getting an error ssl_crtd no such directoy. Thanks in advance
I am your subscriber # 420.
:)
I got this error
dh_apparmor --profile-name=usr.sbin.squid -psquid
make: dh_apparmor: Command not found
debian/rules:70: recipe for target 'install/squid' failed
make: *** [install/squid] Error 127
dpkg-buildpackage: error: fakeroot debian/rules binary subprocess returned exit status 2
what should I do now ?
Is it possible to do this without the self signed certificate and decrypt? Just pass through directly
What needs to be configured for http_proxy and https_proxy variables for browser to route traffic to proxy... This is not mentioned in video... Can someone answer
Fantastic Video ! Can you tell us how do These Proxy services are setup on the cloud. In simple terms. Tx.
To anyone that's stuck on this too, wth squid versions 4.x and above, the ssl_crtd is renamed to security_file_certgen.
Just replace ssl_crtd with security_file_certgen in the command he shows and you should be good!
Also, following your exact instruction, no sites allow me to access. In the access log, it shows TCP_DENIED_ABORTED. I cannot get passed it. I tried lots of different configurations and firewall options. Disables iptables and ufw and still won't work.
I feel that there is a bug in squid version 4.10.
Anyone please let me know if you have the same issue and if you fixed it. What did you do?
First of all Holly f**k, thank you, i dont know why i didnt find this earlier.
Now Squid is in version 4.13, and hes command needs the "-M" parameter. This worked out for me:
sudo /usr/lib/squid/security_file_certgen -c -s /var/lib/ssl_db -M 4MB
In access.log i dont get that error of yours (TCP_DENIED_ABORTED), but I get "no forward proxy ports configured" in cache.log
@@Jon-hh8jd You're welcome!
Thank you very much!! Very good tutorial and it work perfectly!! But I've got a problem with client apps like dropbox, google drive, whatsapp web, etc. They're not working :'( Could you help me?
Any way of adding a exclusion on squid or iptables for these client apps to skip proxy?
Nice Thank You
Dope tutorial man!!! as at now I am working on injecting banners to t-proxied webpages. Could you offer a revelation on this.
Again, I commend you on the outstanding content, it's ,short, brief & concise..
How would I get traffic to flow through both port 8083 and 80 in my proxy
all the squid proxy videos show how to set it up , but they never show where you can see the https decrypted payload sigh
ran in to an error, 'apt source squid' prints this:
E: You must put some 'deb-src' URIs in your sources.list¨
*Edit
on ubuntu 20.4 this problem is solved by "sudo nano /etc/apt/sources.list" and commenting in the "deb-src" lines
How to blok like https site in squid proxy?
Hi There,
Can you help me to restrict POST method on http and https via Squid proxy on CentOS 7. So that, user can not send attached file or upload file to Website sharing, Dropbox, Onedrive....
Thanks in advance
Tri Le
instead editing build files, you can build with --enable-ssl option
how to build with this option ? can u pls provide the steps ?
Hello, first of all, thaks so much for this tutorial, so usefull.
I have had some issue, in line command: "openssl x509 -in myCA.pem -outform DER -out myCA.der" , a mesage has ocurred: unable to load certificate.
Could you please help me?
Thanks again..
Link not working bro😢
can user load myca der setup with some a domain ?
Hi nice video keep it up you awesome 👍.
Kindly tel me please I really need this one "how do I configure squid ssl for (https) in centos 6" please tell me thanks so much
Hello, Thanks for the video and I subscribe. I try to do it but I can not do it, I still get the error of hsts, I install the certificate generated in the client and nothing. Could someone try it recently? Excuse me for my English.
Nice video. How to do HTTPS caching?
read more about the ssl_bump
A transparent https proxy wouldn't require a certificate or any other mood at browser client ;)
Transparent means “no proxy config at client”. The steps to import the CA cert are needed to avoid the “not secure connection” warning (basically this is a MITM). The transparent proxy is working properly.
apt source squid
E: Invalid operation source
apt install squid ?
I guess you have to enable source repos in sources.list