Squid Proxy error "TAG_NONE/503 0 CONNECT www.bing.com:443 - HIER_NONE/- -"

Error: When you try to browse the internet through Squid, web pages do not load, even though you can reach the Squid server and its port without any issues.

When you check the Squid access log, you will see the error "TAG_NONE/503 0 CONNECT www.bing.com:443 - HIER_NONE/- -" when accessing bing.com.


Solution: Add the following line to /etc/squid/squid.conf

forward_max_tries 25 

This solves the issue for me.

Source url: https://www.vivaolinux.com.br/topico/Squid-Iptables/problema-squid3-para-baixar-anexos-do-outlook?pagina=02


Ubuntu apache2[10961]: AH00534: apache2: Configuration error: More than one MPM loaded.

Error scenario: The Apache service fails to start with the following error: "Ubuntu apache2[10961]: AH00534: apache2: Configuration error: More than one MPM loaded."

The following is the error message when I try to start the Apache service.

root@Ubuntu:/var/log/apache2# /etc/init.d/apache2 restart

[....] Restarting apache2 (via systemctl): apache2.service

Job for apache2.service failed because the control process exited with error code. See "systemctl status apache2.service" and "journalctl -xe" for details.




Root cause: To check the issue, I ran journalctl -xe for the error logs.

root@Ubuntu:/var/log/apache2# journalctl |tail

Mar 07 15:08:10 Ubuntu apache2[10961]: AH00534: apache2: Configuration error: More than one MPM loaded.

Mar 07 15:08:10 Ubuntu apache2[10961]: Action ‘configtest’ failed.

Mar 07 15:08:10 Ubuntu apache2[10961]: The Apache error log may have more information.

Mar 07 15:08:10 Ubuntu systemd[1]: apache2.service: Control process exited, code=exited status=1

Mar 07 15:08:10 Ubuntu systemd[1]: Failed to start LSB: Apache2 web server.

Mar 07 15:08:10 Ubuntu systemd[1]: apache2.service: Unit entered failed state.

Mar 07 15:08:10 Ubuntu systemd[1]: apache2.service: Failed with result ‘exit-code’.

Mar 07 15:09:01 Ubuntu CRON[10994]: pam_unix(cron:session): session opened for user root by (uid=0)

Mar 07 15:09:01 Ubuntu CRON[10995]: (root) CMD (  [ -x /usr/lib/php/sessionclean ] && /usr/lib/php/sessionclean)

Mar 07 15:09:02 Ubuntu CRON[10994]: pam_unix(cron:session): session closed for user root


The AH00534 line is the cause: there is a configuration issue in Apache. Hence I ran the Apache configuration check command.

root@Ubuntu:/var/log/apache2# apache2ctl -t

AH00534: apache2: Configuration error: More than one MPM loaded.

Action ‘-t’ failed.

The Apache error log may have more information.



Solution: Run the command a2dismod worker 

root@Ubuntu:/var/log/apache2# a2dismod worker

Module worker disabled.

To activate the new configuration, you need to run:

service apache2 restart

root@Ubuntu:/var/log/apache2# systemctl restart apache2.service

root@Ubuntu:/var/log/apache2# apache2ctl -t

Syntax OK
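
To see which modules are involved before choosing one to disable, the following added example (not part of the original post) lists the MPMs loaded by the enabled module files. It assumes the Debian/Ubuntu layout in which each enabled module is a .load file under /etc/apache2/mods-enabled; the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: find which MPMs the enabled module files load.
# Assumes the Debian/Ubuntu layout (/etc/apache2/mods-enabled/*.load).

list_loaded_mpms() {
    local dir="${1:-/etc/apache2/mods-enabled}"
    # An MPM is loaded by a line such as:
    #   LoadModule mpm_worker_module /usr/lib/apache2/modules/mod_mpm_worker.so
    # Commented-out lines start with "#LoadModule" and are skipped.
    cat "$dir"/*.load 2>/dev/null |
        awk '$1 == "LoadModule" && $2 ~ /^mpm_.*_module$/ {
                 name = $2; sub(/^mpm_/, "", name); sub(/_module$/, "", name)
                 print name }' | sort -u
}

# Returns 0 when at most one MPM is loaded, 1 when several are (AH00534).
check_mpm_conflict() {
    local mpms count
    mpms=$(list_loaded_mpms "$1")
    count=$(printf '%s\n' "$mpms" | awk 'NF { n++ } END { print n + 0 }')
    if [ "$count" -gt 1 ]; then
        # $mpms is left unquoted on purpose so the names print on one line.
        echo "conflict: $count MPMs loaded:" $mpms
        return 1
    fi
    echo "ok: ${mpms:-no MPM found}"
}

# Usage: ./check_mpm.sh /etc/apache2/mods-enabled
if [ $# -gt 0 ]; then check_mpm_conflict "$1"; fi
```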




The following are the steps for installing Squid proxy in transparent mode, along with the troubleshooting I went through during the installation.












The following are the prerequisites on RHEL 6.7 before installing Squid:

  1. Disable SELinux by #vim /etc/selinux/config
  2. Enable IP forwarding (net.ipv4.ip_forward = 1) in /etc/sysctl.conf
  3. Enable the EPEL repo

a. #cd /root/

#wget http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm


b. #rpm -Uvh epel-release-6-8.noarch.rpm

c. Create the Squid repo as follows

d. #cd /etc/yum.repos.d

e. #vi SQUID.repo

   Enter or insert the following text in the SQUID.repo file


name=Squid repo for CentOS Linux - $basearch

#IL mirror





4. Run #yum update

Installation of SQUID

#yum install perl-Crypt-OpenSSL-X509 (This package must install successfully, otherwise HTTPS sites will not work.)

#yum install -y squid

Install squid helper from the url: http://www1.ngtech.co.il/repo/centos/6/x86_64/squid-helpers-3.5.19-1.el6.x86_64.rpm

# wget http://www1.ngtech.co.il/repo/centos/6/x86_64/squid-helpers-3.5.19-1.el6.x86_64.rpm

# yum install -y squid-helpers-3.5.19-1.el6.x86_64.rpm

Now initialize the Squid ssl_db directory with the following command

#/usr/lib/squid/ssl_crtd -c -s /var/lib/ssl_db

Assign ownership to the squid user

#chown -R squid.squid /var/lib/ssl_db

Edit /etc/squid/squid.conf and add the following configuration.

Define your local source network with

acl localnet src

Enable and define the ports in squid.conf

acl SSL_ports port 443

acl Safe_ports port 80 # http

acl Safe_ports port 21 # ftp

acl Safe_ports port 443 # https

acl Safe_ports port 70 # gopher

acl Safe_ports port 210 # wais

acl Safe_ports port 1025-65535 # unregistered ports

acl Safe_ports port 280 # http-mgmt

acl Safe_ports port 488 # gss-http

acl Safe_ports port 591 # filemaker

acl Safe_ports port 777 # multiling http


http_access deny !Safe_ports

http_access deny CONNECT !SSL_ports

http_access allow all

http_port 3130

http_port 3128 intercept

https_port 3129 intercept ssl-bump generate-host-certificates=on

dynamic_cert_mem_cache_size=4MB cert=/etc/squid/ssl_cert/myca.pem key=/etc


#always_direct allow all

ssl_bump server-first all

#sslproxy_cert_error deny all

#sslproxy_flags DONT_VERIFY_PEER

sslcrtd_program /usr/lib/squid/ssl_crtd -s /var/lib/ssl_db -M 4MB

sslcrtd_children 8 startup=1 idle=1

coredump_dir /var/spool/squid

# Add any of your own refresh_pattern entries above these.

refresh_pattern ^ftp: 1440 20% 10080

refresh_pattern ^gopher: 1440 0% 1440

refresh_pattern -i (/cgi-bin/|\?) 0 0% 0

refresh_pattern . 0 20% 4320
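
An added example (not from the original post or the Squid project): a small audit of the active directives in a squid.conf like the one above. It flags `http_access allow all`, which lets any client that can reach the proxy ports use it, and the upstream-verification directives if they are ever uncommented; the function names and the 192.0.2.0/24 network are assumptions.

```shell
#!/usr/bin/env bash
# Added example: report risky *active* directives in a squid.conf.
# Commented-out directives (such as "#sslproxy_flags ...") are ignored.

audit_squid_conf() {
    # Strip comments first; sed keeps the line count, so NR is the real line.
    sed -e 's/#.*$//' "$1" | awk '
        $1 == "http_access" && $2 == "allow" && $3 == "all" {
            print "OPEN_PROXY line " NR ": any client may use the proxy" }
        $1 == "sslproxy_flags" && /DONT_VERIFY_PEER/ {
            print "NO_VERIFY line " NR ": upstream certificates are not checked" }
        $1 == "sslproxy_cert_error" && $2 == "allow" {
            print "CERT_ERR_OK line " NR ": upstream certificate errors accepted" }
    '
}

# Constructed sample: access rules and commented lines as in the post.
write_sample_conf() {
    cat > "$1" <<'EOF'
acl SSL_ports port 443
acl Safe_ports port 80 # http
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow all
ssl_bump server-first all
#sslproxy_cert_error deny all
#sslproxy_flags DONT_VERIFY_PEER
EOF
}

# Constructed restricted variant; 192.0.2.0/24 is a placeholder client network.
write_restricted_conf() {
    cat > "$1" <<'EOF'
acl localnet src 192.0.2.0/24
acl SSL_ports port 443
http_access deny CONNECT !SSL_ports
http_access allow localnet
http_access deny all
EOF
}

# Usage: ./audit.sh /etc/squid/squid.conf
if [ $# -gt 0 ]; then audit_squid_conf "$1"; fi
```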

Generate Certificate for SQUID using OpenSSL

Go to the Squid directory, create the certificate folder and generate the keys:

#mkdir /etc/squid/ssl_cert

#chown -R squid.squid /etc/squid/ssl_cert

#cd /etc/squid/ssl_cert

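Generate the SSL certificate with the following command. It writes both the private key and the certificate to myca.pem, and it uses a 1024-bit RSA key, which is below the 2048-bit minimum in current guidance.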

#openssl req -new -newkey rsa:1024 -days 1365 -nodes -x509 -keyout myca.pem -out myca.pem

For Windows clients, convert the certificate to DER format:

#openssl x509 -in myca.pem -outform DER -out myca.der

Now enable squid on all run levels and start the squid service

#chkconfig squid on

#/etc/init.d/squid start

Redirect / Accept HTTP and HTTPS traffic from router/Firewall to Proxy

#iptables -t nat -A PREROUTING -p tcp -s --dport 80 -j DNAT --to

#iptables -t nat -A PREROUTING -p tcp -s --dport 443 -j DNAT --to

Save the iptables configuration

#/etc/init.d/iptables save

Windows Client Configuration

We need to copy the /etc/squid/ssl_cert/myca.der file to our Windows clients.

For Internet Explorer:

Tools -> Internet Options -> Content -> Certificates. Click on Import, select the myca.der file, and make sure that you import it to Root Trusted Certificates.

For Mozilla Firefox:

Tools -> Options -> Advanced -> Certificates -> View Certificates


(x) Trust this CA to identify websites

(x) Trust this CA to identify email users

(x) Trust this CA to identify software developers

Click OK and you are done.

NOTE: If the main certificate for Squid expires and you generate a new one, don't forget to delete the old certificates in /var/lib/ssl_db/certs, empty the file /var/lib/ssl_db/index.txt, and set the number inside the file /var/lib/ssl_db/size to 0.

In our infrastructure the bind service is not required for name resolution.


In my experience, Squid as a transparent proxy for HTTP and HTTPS works with Squid version 3.5.19, and the lower versions of Squid seem to have some bugs.

Below are the bugs which we came across with the older versions of Squid in /var/log/squid/access.log

1301567341.317 23434 TCP_MISS/200 957 POST http://by2msg3010710.by2.gateway.edg…y/gateway.dll? – DIRECT/ text/html
1301567341.896 531 TCP_MISS/200 1056 POST http://by2msg3010710.by2.gateway.edg…y/gateway.dll? – DIRECT/ text/html
1301567344.042 770 TCP_MISS/200 1117 POST http://www.facebook.com/ajax/chat/buddy_list.php? – DIRECT/ application/x-javascript
1301567347.991 414 TCP_MISS/200 316 POST http://oss-content.securestudies.com/cidpost – DIRECT/ text/plain
1301567351.115 494 TCP_MISS/200 316 POST http://oss-content.securestudies.com/cidpost – DIRECT/ text/plain
1301567352.986 412 TCP_MISS/200 316 POST http://oss-content.securestudies.com/cidpost – DIRECT/ text/plain
1301567354.288 555 TCP_MISS/200 6079 GET http://www.google.com.sa/ – DIRECT/ text/html
1301567354.516 37 TCP_MISS/302 683 GET http://www.google.com.sa/gen_204? – DIRECT/ text/html
1301567354.773 254 TCP_MISS/204 367 GET http://www.google.com.sa/gen_204? – DIRECT/ text/html
1301567354.842 161 TCP_MISS/302 856 GET http://www.google.com.sa/csi? – DIRECT/ text/html
1301567355.165 320 TCP_MISS/204 413 GET http://www.google.com.sa/csi? – DIRECT/ text/html
1301567355.234 456 TCP_MISS/204 322 GET http://clients1.google.com.sa/generate_204 – DIRECT/ text/html

w - command in Linux

w is a command in Linux that shows the system uptime, the output of the who command (number of users in the session) and the system load average.

It is interesting to see that a single-letter command (w) gives so much useful information. Refer to the screenshot below.



To run a shell script in an encrypted mode

Scenario: Encrypt a shell script for security reasons and call the encrypted shell script from another shell script.

Prerequisite for installing shc (encrypting a shell script):
GCC is required before installing the shc application.

SHC installation in CentOS:

Step1: #yum install gcc

Step2: #yum install shc (this installs shc.x86_64, depending on the OS version).
Now the steps to encrypt a shell script.

After the successful installation of shc, carry out the following steps.

Step3: Create a shell script to display your login ID and the computer hostname.
#!/bin/bash
# shc requires an interpreter line at the top of the script
echo -n "I am logged on as "; whoami
echo -n "My computer name "; hostname
Save the file and close (:wq) - File name login.sh

Step4: Now run the command
#shc -f login.sh
This will create two files: a. login.sh.x (the compiled executable) b. login.sh.x.c (the generated C source). The executable carries the key needed to decrypt the script at run time, so this hides the script from casual reading but does not protect secrets stored in it.

Step5: Run the command to execute in another shell script
# shc -v -r -T -f login.sh

Step 6: Create another script to call the encrypted script.
echo "Calling login.sh.x"
./login.sh.x   # login.sh.x is a compiled binary, so run it directly

Step7: Execute the second script and compare with the original one; both outputs must be the same.

How to configure SFTP in CENTOS

Configuration of SFTP in CentOS

[root@Karthick~]# cd /etc/vsftpd/
[root@Karthick~]# /usr/bin/openssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout vsftpd.pem -out vsftpd.pem
[root@Karthick~]# vim /etc/vsftpd/vsftpd.conf
#For SSL
#To allow anonymous users to use SSL
#local users to use both ssl and unsecure way
#Force ssl
# Permit TLS v1 protocol connections. TLS v1 connections are preferred
# Permit SSL v2 protocol connections. TLS v1 connections are preferred
# permit SSL v3 protocol connections. TLS v1 connections are preferred
#RSA certificate

[root@Karthick~]# service vsftpd restart
Shutting down vsftpd: [ OK ]
Starting vsftpd for vsftpd: [ OK ]
[root@Karthick~]#sftp karthick@localhost
Connecting to localhost..
karthick@localhost password:
sftp> ls
Desktop Documents Downloads Music Pictures Public Templates Videos
sftp> bye

Password reset for Windows machine using linux tool

In my earlier post, I mentioned that using Ubuntu we can change the Windows password with the chntpw command. As an update to that, there is a chntpw tool which comes as a bootable ISO and makes the job easier.

Today I tried this tool and reset the Administrator password for a Windows 2003 server. (Local account, not domain admin.)

Please find the application and procedure enclosed.

Application: – https://www.dropbox.com/s/xyrbeo88nju8sw8/cd100627.zip

Procedure:- https://www.dropbox.com/s/kaklok06c1ghgyf/password%20reset%20procedure.pdf

More info: http://pogostick.net/~pnh/ntpasswd/