[squid-users] How to setup a secure(!) squid proxy

Yuri Voinov yvoinov at gmail.com
Fri Jan 15 10:49:06 UTC 2016



15.01.16 16:13, startrekfan пишет:
> Hello
>
> I`m sorry. I'm not a native speaker so I maybe don't find the right words.
>
> I'd like to setup a proxy that can scan the incoming traffic for virus 
> (squidclamav). To do that for a https/ssl connection I need the squid 
> ssl-bump feature or is there an other solution?
>
> Now I want to setup the ssl-bump feature as safe as using no ssl-bump. 
> Is this possible with squid 3.4? (Of course every one who has my CA 
> cert can decrypt the traffic, but I keep it safe.)
> Squid is communicating with the remote server(webserver). I'd like to 
> have at least this communication as safe as using a normal browser.
>
> Does squid 3.4 do all the necessary steps like checking the 
> certificate validity? What about advanced features like cert pinning?
I don't think 3.4 is enough. May be 3.5 or higher.
>
> How do I configure ssl virus scanning? Are this steps enough: 
> http://wiki.squid-cache.org/ConfigExamples/Intercept/SslBumpExplicit
http://wiki.squid-cache.org/ConfigExamples/ContentAdaptation/C-ICAP
>
> Thank you again :)
>
>
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20160115/80fe2749/attachment-0001.html>


More information about the squid-users mailing list