[squid-users] cache peer only forward http , not https !!!
Ahmad Alzaeem
ahmed.zaeem at netstream.ps
Tue Nov 10 17:18:45 UTC 2015
Thank you ,
Can you just guide me for the https peer directive plz ?
I can take care of https intercept
So with http , we have directive cache_peer 10.12.0.32 parent 8080 0 no-query no-digest
As ok
Now what about https directive ?
Can u help me
Thanks a lot a lot a lot for your help
cheers
From: squid-users [mailto:squid-users-bounces at lists.squid-cache.org] On Behalf Of Yuri Voinov
Sent: Tuesday, November 10, 2015 8:49 PM
To: squid-users at lists.squid-cache.org
Subject: Re: [squid-users] cache peer only forward http , not https !!!
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
1. You need to configure Squid with SSL Bump to capture HTTPS traffic.
2. You need to configure forwarded requests with splice/no bump. :)
10.11.15 22:42, Ahmad Alzaeem пишет:
> Hi Guys I want proxy and I
want it to forward http & https to remote proxy
>
>
>
> Does the command below enogh ?
>
>
>
> cache_peer 10.12.0.32 parent 8080 0 no-query no-digest
no-tproxy
> proxy-only
No.
>
>
>
>
> or I need to add other line for https ??
No.
>
>
>
>
> BTW the command line above work only for http not for https
Sure.
>
>
>
>
> Any help ?
*** DISCLAMER: THIS IS MY OWN CONFIG SNIPPET. DON'T BLIND COPY-N-PASTE IT IN YOUR ENVIRONMENT! ***
# Privoxy+Tor acl
acl tor_url dstdom_regex "C:/Squid/etc/squid/url.tor"
# SSL bump rules
sslproxy_cert_error allow all
acl DiscoverSNIHost at_step SslBump1
ssl_bump peek DiscoverSNIHost
acl NoSSLIntercept ssl::server_name_regex -i "C:/Squid/etc/squid/url.nobump"
acl NoSSLIntercept ssl::server_name_regex -i "C:/Squid/etc/squid/url.tor"
ssl_bump splice NoSSLIntercept
ssl_bump bump all
# Privoxy+Tor access rules
never_direct allow tor_url
# Local Privoxy is cache parent
cache_peer 127.0.0.1 parent 8118 0 no-query no-digest default
cache_peer_access 127.0.0.1 allow tor_url
cache_peer_access 127.0.0.1 deny all
As you can see, this is just example. The idea described with first two lines of my answer above.
This snippet works for torified sites described in tor_url acl.
NB: I do not guarantee this will work on your environment!
>
>
>
>
>
>
>
>
>
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org <mailto:squid-users at lists.squid-cache.org>
> http://lists.squid-cache.org/listinfo/squid-users
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAEBCAAGBQJWQi4dAAoJENNXIZxhPexG0SEH/jjiJogO+BkgsjCLjt394UQ6
0qniwV6kBg9daS/3AWrLE3VizP8LnsHwLo3EQi/hdcuY0QPZUwablWt0emGlkZ/w
EnUUeyuZwqV9EP2z+I3apwg49E9vVV/dv6+HJSkorj0ibMlTPvdT4nMKr/zywnp7
fLmyQ8Gfn418g8+SHcQvouHFGRRecLjLi/B9OjdsT29O0tpH628Spv5+JYBzGrqh
FulBz6tzRLpE8W3JHMJjSXEuXbjeI8F2TVPd23g0TeBQaNMKAJwR9qPiYBgBJBhW
9Wk45ccPcwFHxZJgVZCkfj0SHVvnNX3A7tCwldQNFh9DveKtobRJTntMGqljwWI=
=dgIc
-----END PGP SIGNATURE-----
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20151110/1f2388e2/attachment-0001.html>
More information about the squid-users
mailing list