Compiling newer Squid 3.4.5 in SL 6.5, Includes SSL-Bump related items

[Screwballl]

Some of us need the options available in newer versions of squid (such as ssl-bump and other SSL related extras) that the current 3.1.10 available in the SL repo does not provide. This howto is how I was able to compile it from source.

NOTE: You need perl and a few other things to ensure this works. The "yum install" items I show here were just items I needed myself (or added here just in case some of you need them), you may need more or less depending on your usage and current setup. Luckily yum is pretty tolerant, so if you already have some of these packages installed, it should just say "package already installed" and skip it.


cd to /usr/src/

CODE

wget http://www.squid-cache.org/Versions/v3/3.4/squid-3.4.5.tar.gz

Usual build chain:

CODE

yum install perl gcc autoconf automake make openssl sudo wget

Extra pkgs for CentOS/SL based installs:

CODE

yum install libxml2-devel libcap-devel gcc gcc-c++ avr-gcc-c++

CODE

yum install libtool-ltdl-devel openssl-devel

CODE

yum install ksh perl-Crypt-OpenSSL-X509.x86_64

You could add all of these on one line, I just added them as configure and make errors presented themselves to me.

Extract source file:

CODE

tar -xvf squid-3.4.5.tar.gz

CODE

cd  squid-3.4.5

CODE

./configure '--program-prefix=' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib64' '--libexecdir=/usr/libexec' '--sharedstatedir=/var/lib' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--exec_prefix=/usr' '--libexecdir=/usr/lib64/squid' '--localstatedir=/var' '--datadir=/usr/share/squid' '--sysconfdir=/etc/squid' '--with-logdir=$(localstatedir)/log/squid' '--with-pidfile=$(localstatedir)/run/squid.pid' '--disable-dependency-tracking' '--enable-follow-x-forwarded-for' '--enable-auth' '--enable-auth-basic=DB,LDAP,NCSA,NIS,PAM,POP3,RADIUS,SASL,SMB,getpwnam' '--enable-auth-ntlm=smb_lm,fake' '--enable-auth-digest=file,LDAP,eDirectory' '--enable-auth-negotiate=kerberos,wrapper' '--enable-external-acl-helpers=wbinfo_group,kerberos_ldap_group,AD_group' '--enable-cache-digests' '--enable-cachemgr-hostname=localhost' '--enable-delay-pools' '--enable-epoll' '--enable-icap-client' '--enable-ident-lookups' '--enable-linux-netfilter' '--enable-removal-policies=heap,lru' '--enable-snmp' '--enable-storeio=aufs,diskd,ufs,rock' '--enable-wccpv2' '--enable-esi' '--enable-ssl' '--enable-ssl-crtd' '--enable-icmp' '--with-aio' '--with-default-user=squid' '--with-filedescriptors=16384' '--with-dl' '--with-openssl' '--with-pthreads' '--with-included-ltdl' '--disable-arch-native' 'CFLAGS=-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic' 'CXXFLAGS=-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic -fPIC' 'PKG_CONFIG_PATH=/usr/lib64/pkgconfig:/usr/share/pkgconfig' –enable-ltdl-convenience

CODE

make

(this will probably take a while with all those options, took about 4 minutes with my newer dual core system, will take much longer on older systems)

CODE

make install

CODE

adduser -M squid

CODE

chown -R squid /var/log/squid

CODE

chmod 4755 /usr/lib64/squid/pinger

CODE

chown -R squid /var/cache/squid

CODE

restorecon /var/cache/squid

(needed so selinux doesn't block squid)

CODE

cd /etc/init.d

and create new file “squid”, I added the contents of this file to the end of this document since it is so long. This allows it to be run as a service seen by the OS.
edit squid.conf to enable the cache (cache_dir ufs /var/cache/squid 10000 32 512)

CODE

squid -z

to create the needed cache directories
Do not start squid service (yet)

At this point you can edit the /etc/squid/squid.conf as needed.

For ssl-bump:

Certificate related info
I created server side certs in /etc/squid/ssl/ (for use by squid) and the folder (for website/user certs) in /var/lib/squid_ssl_db. Another option is keep them in closer proximity, so instead of /var/lib/squid_ssl_db/, could use /etc/squid/cert/ssl_db/

CODE

mkdir /etc/squid/ssl/

CODE

cd /etc/squid/ssl/

CODE

openssl req -new -newkey rsa:1024 -days 9999 -nodes -x509 -keyout squid.key  -out squid.pem

CODE

openssl x509 -in squid.pem -outform DER -out squid.der

I set it below as 16MB since this will be used on a larger production server with a lot of users. For a home or small office, 4 or 8MB should be fine (4MB = around 1000 certificates):

CODE

/usr/lib64/squid/ssl_crtd -c -s /var/lib/squid_ssl_db -M 16MB

CODE

chown -R nobody /var/lib/squid_ssl_db

Do not start squid service (yet)






squid.conf additions for SSL-bump:

# These act like “IF” commands: if http, intercept from 3128 > 3129 and process; if https intercept from 3128 > 3130. The browser never sees these alternate ports, they are only used internally thus no need for iptables rules.
# Also with dansguardian involved, dansguardian sends info to squid via localhost:3128 so DG related info does not start until rule “http_port 3128” if I understand it correctly. Also the default http port for dansguardian is 8080 or 10101 so the proxy in the browser will need that port, and Secure Proxy as 3128 directly into squid (since dansguardian cannot handle secure sites).
# With the 3130 line, I set it below as 16MB since this will be used on a larger production server with a lot of users. For a home or small office, 4 or 8MB should be fine (4MB = around 1000 certificates).

CODE

http_port 3128 # this port is what will be used for SSL Proxy on client browser http_port 3129 intercept https_port 3130 intercept ssl-bump connection-auth=off generate-host-certificates=on dynamic_cert_mem_cache_size=16MB cert=/etc/squid/ssl/squid.pem key=/etc/squid/ssl/squid.key cipher=ECDHE-RSA-RC4-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:DHE-RSA-CAMELLIA128-SHA:AES128-SHA:RC4-SHA:HIGH:!aNULL:!MD5:!ADH sslcrtd_program /usr/lib64/squid/ssl_crtd -s /var/lib/squid_ssl_db -M 16MB sslcrtd_children 50 startup=5 idle=1 ssl_bump server-first all ssl_bump none localhost

Do not start squid service (yet)



IPTABLES ENTRY:
Change if you plan to use another port above as primary port.

CODE

iptables -I INPUT 4 -p tcp -m tcp --dport 3128 -j ACCEPT

I prefer INPUT 4 as it puts it above most deny entries, and below the initial allow entries.

START squid
After all this, you can now “service squid start”


Squid as service
vim /etc/init.d/squid (should come back as new document in case of compiling from source)

CODE

#!/bin/bash # chkconfig: - 90 25 # pidfile: /var/run/squid.pid # config: /etc/squid/squid.conf # ### BEGIN INIT INFO # Provides: squid # Short-Description: starting and stopping Squid Internet Object Cache # Description: Squid - Internet Object Cache. Internet object caching is \ #       a way to store requested Internet objects (i.e., data available \ #       via the HTTP, FTP, and gopher protocols) on a system closer to the \ #       requesting site than to the source. Web browsers can then use the \ #       local Squid cache as a proxy HTTP server, reducing access time as \ #       well as bandwidth consumption. ### END INIT INFO PATH=/usr/bin:/sbin:/bin:/usr/sbin export PATH # Source function library. . /etc/rc.d/init.d/functions # Source networking configuration. . /etc/sysconfig/network if [ -f /etc/sysconfig/squid ]; then . /etc/sysconfig/squid fi # don't raise an error if the config file is incomplete # set defaults instead: SQUID_OPTS=${SQUID_OPTS:-""} SQUID_PIDFILE_TIMEOUT=${SQUID_PIDFILE_TIMEOUT:-20} SQUID_SHUTDOWN_TIMEOUT=${SQUID_SHUTDOWN_TIMEOUT:-100} SQUID_CONF=${SQUID_CONF:-"/etc/squid/squid.conf"} SQUID_PIDFILE_DIR="/var/run/squid" SQUID_USER="squid" SQUID_DIR="squid" # determine the name of the squid binary [ -f /usr/sbin/squid ] && SQUID=squid prog="$SQUID" # determine which one is the cache_swap directory CACHE_SWAP=`sed -e 's/#.*//g' $SQUID_CONF | \ grep cache_dir | awk '{ print $3 }'` RETVAL=0 probe() { # Check that networking is up. [ ${NETWORKING} = "no" ] && exit 1 [ `id -u` -ne 0 ] && exit 4 # check if the squid conf file is present [ -f $SQUID_CONF ] || exit 6 } start() { # Check if $SQUID_PIDFILE_DIR exists and if not, lets create it and give squid permissions. if [ ! -d $SQUID_PIDFILE_DIR ]; then mkdir $SQUID_PIDFILE_DIR; chown -R $SQUID_USER.$SQUID_DIR $SQUID_PIDFILE_DIR; fi probe parse=`$SQUID -k parse -f $SQUID_CONF 2>&1` RETVAL=$? if [ $RETVAL -ne 0 ]; then  echo -n $"Starting $prog: "  echo_failure  echo  echo "$parse"  return 1 fi for adir in $CACHE_SWAP; do  if [ ! -d $adir/00 ]; then   echo -n "init_cache_dir $adir... "   $SQUID -z -F -f $SQUID_CONF >> /var/log/squid/squid.out 2>&1  fi done echo -n $"Starting $prog: " $SQUID $SQUID_OPTS -f $SQUID_CONF >> /var/log/squid/squid.out 2>&1 RETVAL=$? if [ $RETVAL -eq 0 ]; then  timeout=0;  while :; do   [ ! -f /var/run/squid.pid ] || break   if [ $timeout -ge $SQUID_PIDFILE_TIMEOUT ]; then    RETVAL=1    break   fi   sleep 1 && echo -n "."   timeout=$((timeout+1))  done fi [ $RETVAL -eq 0 ] && touch /var/lock/subsys/$SQUID [ $RETVAL -eq 0 ] && echo_success [ $RETVAL -ne 0 ] && echo_failure echo return $RETVAL } stop() { echo -n $"Stopping $prog: " $SQUID -k check -f $SQUID_CONF >> /var/log/squid/squid.out 2>&1 RETVAL=$? if [ $RETVAL -eq 0 ]; then  $SQUID -k shutdown -f $SQUID_CONF &  rm -f /var/lock/subsys/$SQUID  timeout=0  while :; do   [ -f /var/run/squid.pid ] || break   if [ $timeout -ge $SQUID_SHUTDOWN_TIMEOUT ]; then    echo    return 1   fi   sleep 2 && echo -n "."   timeout=$((timeout+2))  done  echo_success  echo else  echo_failure  if [ ! -e /var/lock/subsys/$SQUID ]; then   RETVAL=0  fi  echo fi rm -rf $SQUID_PIDFILE_DIR/* return $RETVAL } reload() { $SQUID $SQUID_OPTS -k reconfigure -f $SQUID_CONF } restart() { stop rm -rf $SQUID_PIDFILE_DIR/* start } condrestart() { [ -e /var/lock/subsys/squid ] && restart || : } rhstatus() { status $SQUID && $SQUID -k check -f $SQUID_CONF } case "$1" in start) start ;; stop) stop ;; reload|force-reload) reload ;; restart) restart ;; condrestart|try-restart) condrestart ;; status) rhstatus ;; probe) probe ;; *) echo $"Usage: $0 {start|stop|status|reload|force-reload|restart|try-restart|probe}" exit 2 esac exit $?

[Screwballl]

Squid version 3.4.6 (released 25 June 2014) and the process is the same, already tested on several servers.

[hermouche]

QUOTE (Screwballl @ Jun 18 2014, 02:49 AM)

Some of us need the options available in newer versions of squid (such as ssl-bump and other SSL related extras) that the current 3.1.10 available in the SL repo does not provide. This howto is how I was able to compile it from source. NOTE: You need perl and a few other things to ensure this works.  The "yum install" items I show here were just items I needed myself (or added here just in case some of you need them), you may need more or less depending on your usage and current setup. Luckily yum is pretty tolerant, so if you already have some of these packages installed, it should just say "package already installed" and skip it. cd to /usr/src/ CODE wget http://www.squid-cache.org/Versions/v3/3.4/squid-3.4.5.tar.gz Usual build chain: CODE yum install perl gcc autoconf automake make openssl sudo wget Extra pkgs for CentOS/SL based installs: CODE yum install libxml2-devel libcap-devel gcc gcc-c++ avr-gcc-c++ CODE yum install libtool-ltdl-devel openssl-devel CODE yum install ksh perl-Crypt-OpenSSL-X509.x86_64 You could add all of these on one line, I just added them as configure and make errors presented themselves to me. Extract source file: CODE tar -xvf squid-3.4.5.tar.gz CODE cd  squid-3.4.5 CODE ./configure '--program-prefix=' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib64' '--libexecdir=/usr/libexec' '--sharedstatedir=/var/lib' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--exec_prefix=/usr' '--libexecdir=/usr/lib64/squid' '--localstatedir=/var' '--datadir=/usr/share/squid' '--sysconfdir=/etc/squid' '--with-logdir=$(localstatedir)/log/squid' '--with-pidfile=$(localstatedir)/run/squid.pid' '--disable-dependency-tracking' '--enable-follow-x-forwarded-for' '--enable-auth' '--enable-auth-basic=DB,LDAP,NCSA,NIS,PAM,POP3,RADIUS,SASL,SMB,getpwnam' '--enable-auth-ntlm=smb_lm,fake' '--enable-auth-digest=file,LDAP,eDirectory' '--enable-auth-negotiate=kerberos,wrapper' '--enable-external-acl-helpers=wbinfo_group,kerberos_ldap_group,AD_group' '--enable-cache-digests' '--enable-cachemgr-hostname=localhost' '--enable-delay-pools' '--enable-epoll' '--enable-icap-client' '--enable-ident-lookups' '--enable-linux-netfilter' '--enable-removal-policies=heap,lru' '--enable-snmp' '--enable-storeio=aufs,diskd,ufs,rock' '--enable-wccpv2' '--enable-esi' '--enable-ssl' '--enable-ssl-crtd' '--enable-icmp' '--with-aio' '--with-default-user=squid' '--with-filedescriptors=16384' '--with-dl' '--with-openssl' '--with-pthreads' '--with-included-ltdl' '--disable-arch-native' 'CFLAGS=-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic' 'CXXFLAGS=-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic -fPIC' 'PKG_CONFIG_PATH=/usr/lib64/pkgconfig:/usr/share/pkgconfig' –enable-ltdl-convenience CODE make (this will probably take a while with all those options, took about 4 minutes with my newer dual core system, will take much longer on older systems) CODE make install CODE adduser -M squid CODE chown -R squid /var/log/squid CODE chmod 4755 /usr/lib64/squid/pinger CODE chown -R squid /var/cache/squid CODE restorecon /var/cache/squid (needed so selinux doesn't block squid) CODE cd /etc/init.d and create new file “squid”, I added the contents of this file to the end of this document since it is so long. This allows it to be run as a service seen by the OS. edit squid.conf to enable the cache (cache_dir ufs /var/cache/squid 10000 32 512) CODE squid -z to create the needed cache directories Do not start squid service (yet) At this point you can edit the /etc/squid/squid.conf as needed. For ssl-bump: Certificate related info I created server side certs in /etc/squid/ssl/ (for use by squid) and the folder (for website/user certs) in /var/lib/squid_ssl_db. Another option is keep them in closer proximity, so instead of /var/lib/squid_ssl_db/, could use /etc/squid/cert/ssl_db/ CODE mkdir /etc/squid/ssl/ CODE cd /etc/squid/ssl/ CODE openssl req -new -newkey rsa:1024 -days 9999 -nodes -x509 -keyout squid.key  -out squid.pem CODE openssl x509 -in squid.pem -outform DER -out squid.der I set it below as 16MB since this will be used on a larger production server with a lot of users. For a home or small office, 4 or 8MB should be fine (4MB = around 1000 certificates): CODE /usr/lib64/squid/ssl_crtd -c -s /var/lib/squid_ssl_db -M 16MB CODE chown -R nobody /var/lib/squid_ssl_db Do not start squid service (yet) squid.conf additions for SSL-bump: # These act like “IF” commands: if http, intercept from 3128 > 3129 and process; if https intercept from 3128 > 3130. The browser never sees these alternate ports, they are only used internally thus no need for iptables rules. # Also with dansguardian involved, dansguardian sends info to squid via localhost:3128 so DG related info does not start until rule “http_port 3128” if I understand it correctly. Also the default http port for dansguardian is 8080 or 10101 so the proxy in the browser will need that port, and Secure Proxy as 3128 directly into squid (since dansguardian cannot handle secure sites). # With the 3130 line, I set it below as 16MB since this will be used on a larger production server with a lot of users. For a home or small office, 4 or 8MB should be fine (4MB = around 1000 certificates). CODE http_port 3128 # this port is what will be used for SSL Proxy on client browser http_port 3129 intercept https_port 3130 intercept ssl-bump connection-auth=off generate-host-certificates=on dynamic_cert_mem_cache_size=16MB cert=/etc/squid/ssl/squid.pem key=/etc/squid/ssl/squid.key cipher=ECDHE-RSA-RC4-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:DHE-RSA-CAMELLIA128-SHA:AES128-SHA:RC4-SHA:HIGH:!aNULL:!MD5:!ADH sslcrtd_program /usr/lib64/squid/ssl_crtd -s /var/lib/squid_ssl_db -M 16MB sslcrtd_children 50 startup=5 idle=1 ssl_bump server-first all ssl_bump none localhost Do not start squid service (yet) IPTABLES ENTRY: Change if you plan to use another port above as primary port. CODE iptables -I INPUT 4 -p tcp -m tcp --dport 3128 -j ACCEPT I prefer INPUT 4 as it puts it above most deny entries, and below the initial allow entries. START squid After all this, you can now “service squid start” Squid as service vim /etc/init.d/squid (should come back as new document in case of compiling from source) CODE #!/bin/bash # chkconfig: - 90 25 # pidfile: /var/run/squid.pid # config: /etc/squid/squid.conf # ### BEGIN INIT INFO # Provides: squid # Short-Description: starting and stopping Squid Internet Object Cache # Description: Squid - Internet Object Cache. Internet object caching is \ #       a way to store requested Internet objects (i.e., data available \ #       via the HTTP, FTP, and gopher protocols) on a system closer to the \ #       requesting site than to the source. Web browsers can then use the \ #       local Squid cache as a proxy HTTP server, reducing access time as \ #       well as bandwidth consumption. ### END INIT INFO PATH=/usr/bin:/sbin:/bin:/usr/sbin export PATH # Source function library. . /etc/rc.d/init.d/functions # Source networking configuration. . /etc/sysconfig/network if [ -f /etc/sysconfig/squid ]; then . /etc/sysconfig/squid fi # don't raise an error if the config file is incomplete # set defaults instead: SQUID_OPTS=${SQUID_OPTS:-""} SQUID_PIDFILE_TIMEOUT=${SQUID_PIDFILE_TIMEOUT:-20} SQUID_SHUTDOWN_TIMEOUT=${SQUID_SHUTDOWN_TIMEOUT:-100} SQUID_CONF=${SQUID_CONF:-"/etc/squid/squid.conf"} SQUID_PIDFILE_DIR="/var/run/squid" SQUID_USER="squid" SQUID_DIR="squid" # determine the name of the squid binary [ -f /usr/sbin/squid ] && SQUID=squid prog="$SQUID" # determine which one is the cache_swap directory CACHE_SWAP=`sed -e 's/#.*//g' $SQUID_CONF | \ grep cache_dir | awk '{ print $3 }'` RETVAL=0 probe() { # Check that networking is up. [ ${NETWORKING} = "no" ] && exit 1 [ `id -u` -ne 0 ] && exit 4 # check if the squid conf file is present [ -f $SQUID_CONF ] || exit 6 } start() { # Check if $SQUID_PIDFILE_DIR exists and if not, lets create it and give squid permissions. if [ ! -d $SQUID_PIDFILE_DIR ]; then mkdir $SQUID_PIDFILE_DIR; chown -R $SQUID_USER.$SQUID_DIR $SQUID_PIDFILE_DIR; fi probe parse=`$SQUID -k parse -f $SQUID_CONF 2>&1` RETVAL=$? if [ $RETVAL -ne 0 ]; then  echo -n $"Starting $prog: "  echo_failure  echo  echo "$parse"  return 1 fi for adir in $CACHE_SWAP; do  if [ ! -d $adir/00 ]; then   echo -n "init_cache_dir $adir... "   $SQUID -z -F -f $SQUID_CONF >> /var/log/squid/squid.out 2>&1  fi done echo -n $"Starting $prog: " $SQUID $SQUID_OPTS -f $SQUID_CONF >> /var/log/squid/squid.out 2>&1 RETVAL=$? if [ $RETVAL -eq 0 ]; then  timeout=0;  while :; do   [ ! -f /var/run/squid.pid ] || break   if [ $timeout -ge $SQUID_PIDFILE_TIMEOUT ]; then    RETVAL=1    break   fi   sleep 1 && echo -n "."   timeout=$((timeout+1))  done fi [ $RETVAL -eq 0 ] && touch /var/lock/subsys/$SQUID [ $RETVAL -eq 0 ] && echo_success [ $RETVAL -ne 0 ] && echo_failure echo return $RETVAL } stop() { echo -n $"Stopping $prog: " $SQUID -k check -f $SQUID_CONF >> /var/log/squid/squid.out 2>&1 RETVAL=$? if [ $RETVAL -eq 0 ]; then  $SQUID -k shutdown -f $SQUID_CONF &  rm -f /var/lock/subsys/$SQUID  timeout=0  while :; do   [ -f /var/run/squid.pid ] || break   if [ $timeout -ge $SQUID_SHUTDOWN_TIMEOUT ]; then    echo    return 1   fi   sleep 2 && echo -n "."   timeout=$((timeout+2))  done  echo_success  echo else  echo_failure  if [ ! -e /var/lock/subsys/$SQUID ]; then   RETVAL=0  fi  echo fi rm -rf $SQUID_PIDFILE_DIR/* return $RETVAL } reload() { $SQUID $SQUID_OPTS -k reconfigure -f $SQUID_CONF } restart() { stop rm -rf $SQUID_PIDFILE_DIR/* start } condrestart() { [ -e /var/lock/subsys/squid ] && restart || : } rhstatus() { status $SQUID && $SQUID -k check -f $SQUID_CONF } case "$1" in start) start ;; stop) stop ;; reload|force-reload) reload ;; restart) restart ;; condrestart|try-restart) condrestart ;; status) rhstatus ;; probe) probe ;; *) echo $"Usage: $0 {start|stop|status|reload|force-reload|restart|try-restart|probe}" exit 2 esac exit $?

Thank you very much for your post Screenballl,
Very interesting since i guess we can track the HTTPS in my college. Some student's are just by passing the proxy squid by using some proxy web site (VPN) !!!

However, i'm tryying to follow your post and I've got a problem whent i try to compile:

QUOTE

configure: error: in `/root/squid-3.4.5': configure: error: C compiler cannot create executables

What could be the problem please?

I am using CentOS release 6.6 (Final)
Thanks a lot Screenballl.

[inittux]

Do you have glibc-devel installed?

QUOTE

Thank you very much for your post Screenballl, Very interesting since i guess we can track the HTTPS in my college. Some student's are just by passing the proxy squid by using some proxy web site (VPN) !!! However, i'm tryying to follow your post and I've got a problem whent i try to compile: QUOTE configure: error: in `/root/squid-3.4.5': configure: error: C compiler cannot create executables What could be the problem please? I am using CentOS release 6.6 (Final) Thanks a lot Screenballl. http://th166.photobucket.com/albums/u117/rdshear/Smiley%20Faces/th_smiley-face-thumbs-up.gif

[Screwballl]

I have also tested this with squid 3.4.7 and the newest 3.5.1 as well, process is the same, just need to modify the name of the original file download, everything else is the same.

No differences on doing this with SL6.5 versus 6.6.

[peace]

QUOTE (Screwballl @ Jun 29 2014, 08:51 AM)

Squid version 3.4.6 (released 25 June 2014) and the process is the same, already tested on several servers.

This is very good post. I followed everything and was able to install squid-3.4.5 and http is working but when i try https it throws following message in access.log :

CODE

1471102901.348      0 192.168.74.107 TAG_NONE/400 4037 NONE error:invalid-request - HIER_NONE/- text/html

Can you please help me what changes i need to make in this case?

Thanks!!