[squid-users] Squid + Ssl filter conf

Stanford Prescott stan.prescott at gmail.com
Fri May 22 18:26:19 UTC 2015 

This works for me with Squid 3.5.4. Hope it helps.



*acl localhostgreen src 192.168.192.1acl localnetgreen src 192.168.192.0/24
<http://192.168.192.0/24>*
















*http_access allow localhosthttp_access deny !Safe_portshttp_access deny
CONNECT !SSL_portshttp_access allow localnetgreenhttp_access allow CONNECT
localnetgreenhttp_access allow localhostgreenhttp_access allow CONNECT
localhostgreen# http_port and
https_port#----------------------------------------------------------------------------http_port
192.168.192.1:800 <http://192.168.192.1:800> intercepthttps_port
192.168.192.1:808 <http://192.168.192.1:808> intercept ssl-bump
generate-host-certificates=on dynamic_cert_mem_cache_size=4MB
cert=/var/smoothwall/mods/proxy/ssl_cert/squidCA.pem*

*# localhost forward-proxy port needed for ssl_bump*






*http_port 127.0.0.1:800 <http://127.0.0.1:800>
interceptsslproxy_cert_error allow allsslproxy_flags
DONT_VERIFY_PEERsslproxy_session_cache_size 4 MB*

*# Do not bump local networks*







*ssl_bump none localhostgreenssl_bump bump allsslcrtd_program
/var/smoothwall/mods/proxy/libexec/ssl_crtd -s
/var/smoothwall/mods/proxy/lib/ssl_db -M 4MBsslcrtd_children 5http_access
deny all*

Stan

On Fri, May 22, 2015 at 11:26 AM, Tony Peña <emperor.cu at gmail.com> wrote:

> Hi... i tired to research about squid with ssl_bump with many guides.
> compiling from 3.48 to 3.5.4 and with squid.conf ok but not work for me.
>
> someone can share please a squid.conf with your ssl_bump snipped working
> actually...
> every manual/guide i found are with very older version, ad the suggest way
> is upgrade to last version.. but still stuck.
> i'm continue searching on the google with many variables to try got
> solution and now starting found my own emails on the list about this topic.
>
> i really appretiated the help.
>
> thanks in advance.
>
> --
> Antonio Peña
> Secure email with PGP 0x8B021001 available at https://pgp.mit.edu
> <https://pgp.mit.edu/pks/lookup?search=0x8B021001&op=index&fingerprint=on&exact=on>
> Fingerprint: 74E6 2974 B090 366D CE71  7BB2 6476 FA09 8B02 1001
>
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20150522/3013db73/attachment-0001.html>

More information about the squid-users mailing list