[squid-users] cache peer only forward http , not https !!!
Yuri Voinov
yvoinov at gmail.com
Wed Nov 11 11:18:02 UTC 2015
You are welcome :)
11.11.15 16:04, Ahmad Alzaeem пишет:
>
> Bro you were awsome !
>
> Thank you it worked
>
> I appreciate your help a lot
>
> I wish there is feedback in mailing list to give you 5/5 stars
>
> J
>
> cheers
>
> *From:*Yuri Voinov [mailto:yvoinov at gmail.com]
> *Sent:* Wednesday, November 11, 2015 1:04 PM
> *To:* Ahmad Alzaeem
> *Cc:* squid-users at lists.squid-cache.org
> *Subject:* Re: [squid-users] cache peer only forward http , not https !!!
>
> You need to locate URLs which must be forward to parent.
>
> If this is all URL's, config must looks like this:
>
> never_direct allow all
> cache_peer <peer_ip> parent <peer_port> 0 no-query no-digest default
> cache_peer_access 127.0.0.1 allow all
>
> And, finally, you must use Squid 3.5.x. Thit will not be work on 3.4.x.
>
> 11.11.15 14:39, Ahmad Alzaeem пишет:
>
> Here is what I mean
>
> [2.2.2-RELEASE][root at pfSense.mne <mailto:root at pfSense.mne>]/root:
> tail -f /var/squid/logs/access.log
>
> 1447234509.328 9718 172.23.101.251 TCP_MISS/200 1448 CONNECT
> tiles-cloudfront.cdn.mozilla.net:443 - HIER_DIRECT/54.192.55.248 -
>
> 1447234514.482 9622 172.23.101.251 TCP_MISS/200 1448 CONNECT
> shavar.services.mozilla.com:443 - HIER_DIRECT/54.187.101.179 -
>
> 1447234519.858 59952 172.23.101.251 TCP_MISS/503 0 CONNECT
> www.youtube.com:443 <http://www.youtube.com:443> - HIER_NONE/- -
>
> 1447234560.135 71105 172.23.101.251 TCP_MISS/503 0 CONNECT
> incoming.telemetry.mozilla.org:443 - HIER_NONE/- -
>
> 1447234569.644 70033 172.23.101.251 TCP_MISS/503 0 CONNECT
> tiles-cloudfront.cdn.mozilla.net:443 - HIER_NONE/- -
>
> 1447234569.644 70033 172.23.101.251 TCP_MISS/503 0 CONNECT
> tiles-cloudfront.cdn.mozilla.net:443 - HIER_NONE/- -
>
> 1447234569.644 70033 172.23.101.251 TCP_MISS/503 0 CONNECT
> tiles-cloudfront.cdn.mozilla.net:443 - HIER_NONE/- -
>
> 1447234575.091 60607 172.23.101.251 TCP_MISS/503 0 CONNECT
> shavar.services.mozilla.com:443 - HIER_NONE/- -
>
> 1447234605.998 76379 172.23.101.251 TCP_MISS/503 0 CONNECT
> self-repair.mozilla.org:443 - HIER_NONE/- -
>
> 1447234651.018 75705 172.23.101.251 TCP_MISS/503 0 CONNECT
> safebrowsing.google.com:443 - HIER_NONE/- -
>
> cheers
>
> *From:*Yuri Voinov [mailto:yvoinov at gmail.com]
> *Sent:* Wednesday, November 11, 2015 12:49 AM
> *To:* Ahmad Alzaeem
> *Cc:* squid-users at lists.squid-cache.org
> <mailto:squid-users at lists.squid-cache.org>; 'Amos Jeffries'
> *Subject:* Re: [squid-users] cache peer only forward http , not
> https !!!
>
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> Are you see in access.log ip:443 CONNECT records?
>
> I.e., does your HTTPS traffic incoming to Squid?
>
> 11.11.15 1:45, Ahmad Alzaeem пишет:
> > Hi I don’t have ssl pump
>
>
> >
>
>
> >
>
>
> >
>
>
> > All my users user ip:port to have internet
>
>
> >
>
>
> >
>
>
> >
>
>
> >
>
>
> >
>
>
> > I already have ISA windows server and it works with http and
>
> https
>
>
> >
>
>
> >
>
>
> >
>
>
> > Im wondering why all complexity needed for peer https
>
>
> >
>
>
> > !!!
>
>
> >
>
>
> >
>
>
> >
>
>
> >
>
>
> >
>
>
> > Anyway hnere is squid.conf
>
>
> >
>
>
> >
>
>
> >
>
>
> > # This file is automatically generated by pfSense
>
>
> >
>
>
> > # Do not edit manually !
>
>
> >
>
>
> >
>
>
> >
>
>
> > http_port 172.23.101.253:3128
>
>
> >
>
>
> > icp_port 0
>
>
> >
>
>
> > dns_v4_first on
>
>
> >
>
>
> > pid_filename /var/run/squid/squid.pid
>
>
> >
>
>
> > cache_effective_user proxy
>
>
> >
>
>
> > cache_effective_group proxy
>
>
> >
>
>
> > error_default_language en
>
>
> >
>
>
> > icon_directory /usr/pbi/squid-amd64/local/etc/squid/icons
>
>
> >
>
>
> > visible_hostname mne
>
>
> >
>
>
> > cache_mgr azaeem at mne.ps <mailto:azaeem at mne.ps>
> <mailto:azaeem at mne.ps> <mailto:azaeem at mne.ps>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20151111/8763eb34/attachment-0001.html>
More information about the squid-users
mailing list