[squid-users] cache peer only forward http , not https !!!

Yuri Voinov yvoinov at gmail.com
Tue Nov 10 18:42:35 UTC 2015 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
 
I think, we need to take a look on your squid.conf first.

10.11.15 23:18, Ahmad Alzaeem пишет:
> Thank you , 
>
> 
>
> Can you just guide me for the https peer directive plz ?
>
> I can take care of https intercept
>
> 
>
> So with http , we have directive cache_peer 10.12.0.32  parent 8080  0
no-query no-digest
>
> 
>
> As ok
>
> 
>
> Now what about https directive ?
>
> Can u help me
>
> 
>
> Thanks a lot a lot a lot for your help
>
> 
>
> cheers
>
> 
>
> 
>
> From: squid-users [mailto:squid-users-bounces at lists.squid-cache.org]
On Behalf Of Yuri Voinov
> Sent: Tuesday, November 10, 2015 8:49 PM
> To: squid-users at lists.squid-cache.org
> Subject: Re: [squid-users] cache peer only forward http , not https !!!
>
> 
>
>
> 1. You need to configure Squid with SSL Bump to capture HTTPS traffic.
> 2. You need to configure forwarded requests with splice/no bump. :)
>
> 10.11.15 22:42, Ahmad Alzaeem пишет:
> > Hi Guys I want proxy  and I
>
>       want it to forward http & https to remote proxy
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>       > Does the command below enogh ?
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>       > cache_peer 10.12.0.32  parent 8080  0 no-query no-digest
>
>       no-tproxy
>
>
>
>       > proxy-only
> No.
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>       > or I need to add other line for https ??
> No.
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>       > BTW the command line above work only for http not for https
> Sure.
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>       > Any help ?
>
> *** DISCLAMER: THIS IS MY OWN CONFIG SNIPPET. DON'T BLIND COPY-N-PASTE
IT IN YOUR ENVIRONMENT! ***
>
> # Privoxy+Tor acl
> acl tor_url dstdom_regex "C:/Squid/etc/squid/url.tor"
>
> # SSL bump rules
> sslproxy_cert_error allow all
> acl DiscoverSNIHost at_step SslBump1
> ssl_bump peek DiscoverSNIHost
> acl NoSSLIntercept ssl::server_name_regex -i
"C:/Squid/etc/squid/url.nobump"
> acl NoSSLIntercept ssl::server_name_regex -i "C:/Squid/etc/squid/url.tor"
> ssl_bump splice NoSSLIntercept
> ssl_bump bump all
>
> # Privoxy+Tor access rules
> never_direct allow tor_url
>
> # Local Privoxy is cache parent
> cache_peer 127.0.0.1 parent 8118 0 no-query no-digest default
>
> cache_peer_access 127.0.0.1 allow tor_url
> cache_peer_access 127.0.0.1 deny all
>
> As you can see, this is just example. The idea described with first
two lines of my answer above.
> This snippet works for torified sites described in tor_url acl.
> NB: I do not guarantee this will work on your environment!
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>       > _______________________________________________
>
>
>
>       > squid-users mailing list
>
>
>
>       > squid-users at lists.squid-cache.org
<mailto:squid-users at lists.squid-cache.org>
>
>
>
>       > http://lists.squid-cache.org/listinfo/squid-users
>
>
>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
 
iQEcBAEBCAAGBQJWQjqaAAoJENNXIZxhPexGHLsH/A8M2GrcOrOTu+k4+iRHhH21
q0muY8vTpdGW6/keFek7r/df05NF8NJ4rg1a+j/RRFtdy0NEJWf663Xhg3Z5UT7K
6tLqF/8kjW0u3osuD6BCxjvWIe1elGJKIdBlBbIukIiK50ErdPBbAF26g4wdS1RG
hMQHDWjbZsBPSuhKDYWgGoddpozVUWrnMRM/YSY98LgnC738fUzJgWUXR0pjsF1p
EgkYPrawkkUzbJ6SqQA2MFZuQyqPl3nNYFvQVnwg9sGqrKU2f+cy/hv0Mj0O0rjI
7Gs7kHI9fT63dmkkiFDsaw6yRDXRak1qrb7htHoNkbrPrVm7eVXMTUy5ukWawOA=
=okeQ
-----END PGP SIGNATURE-----

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20151111/51795fdc/attachment-0001.html>

More information about the squid-users mailing list