[squid-users] cache peer problem with Https only !!

Yuri Voinov yvoinov at gmail.com
Wed Nov 11 10:55:32 UTC 2015


Yes, 3.4.x can't forward https. Upgrade to 3.5.x

10.11.15 15:08, Ahmad Alzaeem wrote:
>
> Hi, I'm using pfsense with cache peer
>
> Squid version is 3.4.10
>
> I have peer proxy on port 80 and I can use it with http and https
>
> Now if I use pfsense in the middle and let pfsense go to remote proxy 
> (10.12.0.32  port 80 )
>
> And I get internet from the pfsense proxy
>
> I only have http websites working !!!
>
> But https websites don’t work
>
> Any help ?
>
> Here is my pfsense config :
>
> # This file is automatically generated by pfSense
>
> # Do not edit manually !
>
> http_port 172.23.101.253:3128
>
> icp_port 0
>
> dns_v4_first on
>
> pid_filename /var/run/squid/squid.pid
>
> cache_effective_user proxy
>
> cache_effective_group proxy
>
> error_default_language en
>
> icon_directory /usr/pbi/squid-amd64/local/etc/squid/icons
>
> visible_hostname mne
>
> cache_mgr azaeem at mne.ps
>
> access_log /var/squid/logs/access.log
>
> cache_log /var/squid/logs/cache.log
>
> cache_store_log none
>
> netdb_filename /var/squid/logs/netdb.state
>
> pinger_enable off
>
> pinger_program /usr/pbi/squid-amd64/local/libexec/squid/pinger
>
> logfile_rotate 2
>
> debug_options rotate=2
>
> shutdown_lifetime 3 seconds
>
> # Allow local network(s) on interface(s)
>
> acl localnet src  172.23.101.0/24
>
> forwarded_for off
>
> via off
>
> httpd_suppress_version_string on
>
> uri_whitespace strip
>
> acl dynamic urlpath_regex cgi-bin \?
>
> cache deny dynamic
>
> cache_mem 64 MB
>
> maximum_object_size_in_memory 256 KB
>
> memory_replacement_policy heap GDSF
>
> cache_replacement_policy heap LFUDA
>
> minimum_object_size 0 KB
>
> maximum_object_size 4 MB
>
> cache_dir ufs /var/squid/cache 100 16 256
>
> offline_mode off
>
> cache_swap_low 90
>
> cache_swap_high 95
>
> cache allow all
>
> # Add any of your own refresh_pattern entries above these.
>
> refresh_pattern ^ftp:    1440  20%  10080
>
> refresh_pattern ^gopher:  1440  0%  1440
>
> refresh_pattern -i (/cgi-bin/|\?) 0  0%  0
>
> refresh_pattern .    0  20%  4320
>
> #Remote proxies
>
> # Setup some default acls
>
> # From 3.2 further configuration cleanups have been done to make things easier and safer. The manager, localhost, and to_localhost ACL definitions are now built-in.
>
> # acl localhost src 127.0.0.1/32
>
> acl allsrc src all
>
> acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901  3128 3127 1025-65535
>
> acl sslports port 443 563
>
> # From 3.2 further configuration cleanups have been done to make things easier and safer. The manager, localhost, and to_localhost ACL definitions are now built-in.
>
> #acl manager proto cache_object
>
> acl purge method PURGE
>
> acl connect method CONNECT
>
> # Define protocols used for redirects
>
> acl HTTP proto HTTP
>
> acl HTTPS proto HTTPS
>
> http_access allow manager localhost
>
> http_access deny manager
>
> http_access allow purge localhost
>
> http_access deny purge
>
> http_access deny !safeports
>
> http_access deny CONNECT !sslports
>
> # Always allow localhost connections
>
> # From 3.2 further configuration cleanups have been done to make things easier and safer.
>
> # The manager, localhost, and to_localhost ACL definitions are now built-in.
>
> # http_access allow localhost
>
> request_body_max_size 0 KB
>
> delay_access 1 allow allsrc
>
> # Reverse Proxy settings
>
> # Custom options before auth
>
> dns_nameservers 8.8.8.8 10.12.0.33
>
> cache_peer 10.12.0.32  parent 80 0 no-query no-digest no-tproxy proxy-only
>
> # Setup allowed acls
>
> # Allow local network(s) on interface(s)
>
> http_access allow localnet
>
> # Default block all to be sure
>
> http_access deny allsrc
>
> cheers