[squid-users] Hint for howto wanted ...

Eliezer Croitoru eliezer at ngtech.co.il
Mon Nov 28 03:40:09 UTC 2016

A question that will simplify things:
Are you full in control of the remote and the local proxy?
If so you can create a tunnel from the local gateway to the remote squid and
pass the web traffic in the routing level.
This way you would be able to intercept port 80 on the remote proxy and if
required also BUMP the ip addresses you want.

If you have static IP addresses you would probably be able to decide which
of the clients you will bump or not.
I think that TV in general in the form I know of needs filtering since not
everything there you will want anyone to see.
But again maybe in your area TV is something else then in mine.

If you need more help let me know.


Eliezer Croitoru
Linux System Administrator
Mobile: +972-5-28704261
Email: eliezer at ngtech.co.il

-----Original Message-----
From: squid-users [mailto:squid-users-bounces at lists.squid-cache.org] On
Behalf Of Walter H.
Sent: Sunday, November 27, 2016 19:17
To: squid-users at lists.squid-cache.org
Subject: [squid-users] Hint for howto wanted ...


I've got a special problem ...

I have several devices in my LAN:
- PCs, Notebooks
- a Tablet-PC
- a Smartphone
- a Television

on my LAN I've two squids as VMs on my PC (both are CentOS 6)

I also have a virtual server (a CentOS 6, too)  at a webhoster in a
different country, which I have configured as a proxy (squid) only for me
besides the web service;

/etc/squid/squid.conf of the main proxy, which is used as proxy by the
clients has this ...

acl tv-device src ip-of-tv

cache_peer parentproxy.local                  parent 3128 0 
name=local-proxy proxy-only no-digest default cache_peer
virtualserver-at-webhoster  parent 3128 0 name=remote-proxy proxy-only

acl remote-domains dstdomain "/etc/squid/remote-domains-acl.squid"

cache_peer_access remote-proxy allow remote-domains cache_peer_access
remote-proxy allow tv-device cache_peer_access remote-proxy deny all

cache_peer_access local-proxy allow !tv-device

this proxy and the one at the webhoster don't do SSL-bump, only the parent
proxy does ...
at the moment only the parentproxy.local does filtering and blocks unwandted
IPs, hosts, ...

what is the easiest way to do smart filtering for the tv-device, as this
doesn't use parentproxy.local at all ...
do  I really have to do smart filtering on both, the one at the hoster (plus
SSL bump) and the parentproxy that already does?


More information about the squid-users mailing list