[squid-users] Squid + Ssl filter conf

Stanford Prescott stan.prescott at gmail.com
Fri May 22 23:30:16 UTC 2015


I also forgot to mention that for Squid 3.5.x /dev/shm needs to be
root:root and privileges of 0777.

On Fri, May 22, 2015 at 1:26 PM, Stanford Prescott <stan.prescott at gmail.com>
wrote:

> This works for me with Squid 3.5.4. Hope it helps.
>
>
>
> acl localhostgreen src 192.168.192.1
> acl localnetgreen src 192.168.192.0/24
>
> http_access allow localhost
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
> http_access allow localnetgreen
> http_access allow CONNECT localnetgreen
> http_access allow localhostgreen
> http_access allow CONNECT localhostgreen
>
> # http_port and https_port
> #----------------------------------------------------------------------------
> http_port 192.168.192.1:800 intercept
> https_port 192.168.192.1:808 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/var/smoothwall/mods/proxy/ssl_cert/squidCA.pem
>
> # localhost forward-proxy port needed for ssl_bump
> http_port 127.0.0.1:800 intercept
> sslproxy_cert_error allow all
> sslproxy_flags DONT_VERIFY_PEER
> sslproxy_session_cache_size 4 MB
>
> # Do not bump local networks
> ssl_bump none localhostgreen
> ssl_bump bump all
> sslcrtd_program /var/smoothwall/mods/proxy/libexec/ssl_crtd -s /var/smoothwall/mods/proxy/lib/ssl_db -M 4MB
> sslcrtd_children 5
> http_access deny all
>
> Stan
>
> On Fri, May 22, 2015 at 11:26 AM, Tony Peña <emperor.cu at gmail.com> wrote:
>
>> Hi... I tried to research Squid with ssl_bump using many guides,
>> compiling from 3.48 to 3.5.4, and with squid.conf OK, but it does not work for me.
>>
>> Can someone please share a squid.conf with your ssl_bump snippet that is
>> actually working...
>> Every manual/guide I found is for a very old version, and the suggested
>> way is to upgrade to the latest version... but I am still stuck.
>> I continue searching on Google with many variations to try to get a
>> solution, and am now starting to find my own emails on the list about this topic.
>>
>> I really appreciate the help.
>>
>> Thanks in advance.
>>
>> --
>> Antonio Peña
>> Secure email with PGP 0x8B021001 available at https://pgp.mit.edu
>> <https://pgp.mit.edu/pks/lookup?search=0x8B021001&op=index&fingerprint=on&exact=on>
>> Fingerprint: 74E6 2974 B090 366D CE71  7BB2 6476 FA09 8B02 1001
>>
>> _______________________________________________
>> squid-users mailing list
>> squid-users at lists.squid-cache.org
>> http://lists.squid-cache.org/listinfo/squid-users
>>
>>
>
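
An added example, not part of the original thread and not Squid's own tooling: a small Python check that flags the two lines of the quoted configuration that switch off origin-server certificate validation (`sslproxy_flags DONT_VERIFY_PEER` and `sslproxy_cert_error allow all`) whenever bumping is active, because bumped clients only ever see the proxy-generated certificate. The function names and the sample text are constructed for illustration.

```python
import re

# Constructed sample: the TLS-related lines of the squid.conf quoted above.
SAMPLE_CONF = """\
https_port 192.168.192.1:808 intercept ssl-bump generate-host-certificates=on cert=/var/smoothwall/mods/proxy/ssl_cert/squidCA.pem
sslproxy_cert_error allow all
sslproxy_flags DONT_VERIFY_PEER
# Do not bump local networks
ssl_bump none localhostgreen
ssl_bump bump all
"""

# ssl_bump actions that make Squid decrypt the client connection.
DECRYPTING_ACTIONS = ("bump", "client-first", "server-first")

def directives(text):
    """Yield (line_number, name, args) for every non-comment, non-blank line."""
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if line and not line.startswith("#"):
            name, *args = line.split()
            yield number, name, args

def audit_upstream_tls(text):
    """Return (line_number, message) findings for a proxy that bumps TLS
    while not validating the origin server's certificate."""
    items = list(directives(text))
    bump_port = any(name in ("http_port", "https_port") and "ssl-bump" in args
                    for _, name, args in items)
    bump_rule = any(name == "ssl_bump" and args and args[0] in DECRYPTING_ACTIONS
                    for _, name, args in items)
    if not (bump_port and bump_rule):
        return []  # no bumping: clients validate origin certificates themselves
    findings = []
    for number, name, args in items:
        flags = re.split(r"[,:]", ",".join(args))
        if name == "sslproxy_flags" and "DONT_VERIFY_PEER" in flags:
            findings.append((number, "origin certificate is never verified"))
        if name == "sslproxy_cert_error" and args[:2] == ["allow", "all"]:
            findings.append((number, "every certificate validation error is accepted"))
    return findings

if __name__ == "__main__":
    for number, message in audit_upstream_tls(SAMPLE_CONF):
        print(f"line {number}: {message}")
```

Removing both flagged lines leaves Squid 3.5 on its default behaviour of validating origin certificates.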