Hello all, We are currently looking at evaluating squid to use in an upcoming project. One of the requirements is to use SSL inspection using sslBump.
To this end I have downloaded and attempted to built from source, the build completes successfully however squid dies with the following error: 2009/08/14 22:45:11| aclIpParseIpData: unknown first address in '127.0.0.1/32' FATAL: Bungled squid.conf line 2: acl localhost src 127.0.0.1/32 Squid Cache (Version 3.1.0.13): Terminated abnormally. CPU Usage: 0.000 seconds = 0.000 user + 0.000 sys Maximum Resident Size: 5636 KB Page faults with physical i/o: 1459 This is using the default squid.conf acl manager proto cache_object acl localhost src 127.0.0.1/32 acl to_localhost dst 127.0.0.0/8 acl localnet src 10.0.0.0/8 # RFC1918 possible internal network acl localnet src 172.16.0.0/12 # RFC1918 possible internal network acl localnet src 192.168.0.0/16 # RFC1918 possible internal network acl SSL_ports port 443 acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 # https acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl CONNECT method CONNECT http_access allow manager localhost http_access deny manager http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access allow localnet http_access allow localhost http_access deny all http_port 3128 hierarchy_stoplist cgi-bin ? coredump_dir c:/squid/var/cache refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 refresh_pattern . 0 20% 4320 If I remove all acls that refer to IP Addresses then squid will start however squid z does not build cache structure and starting squid results in the following error in the cache.log 2009/08/14 22:59:40| Adding DHCP nameserver 192.168.240.1 from Registry 2009/08/14 22:59:40| WARNING: rejecting '192.168.240.1' as a name server, because it is not a numeric IP address Build environment is Windows XP MinGW 5.14 MSysy 1.011 MSysDTK 1.0.1 OpenSSL 0.9.8k Libcrypt 1.1 Db 1.85 Built using $ ./configure --prefix=c:/squid --disable-wccp --disable-wccpv2 --enable-win32-service --enable-default-hostsfile=none --enable-ssl Make Make install The binary package (3.0) installed and ran successfully but as ssl was not enabled was not able to fully evaluate. Can anyone offer any assistance ?
