[squid-users] Hint for howto wanted ...

Walter H. Walter.H at mathemainzel.info
Mon Nov 28 04:42:11 UTC 2016


Hello,

yes I have full control of all three proxies, both local proxies and
remote proxy; and in my LAN I use static IP addresses;

cache_peer_access remote-proxy allow remote-domains
  <-- this is necessary because a few domains have geo location
      restrictions which are bypassed with this
cache_peer_access remote-proxy allow tv-device
  <-- but this sends anything from the TV there, even requests that
      should be blocked ... (selective doesn't work)

the proxy that is used by the clients is a squid 3.1.23, the one that is 
remote is a 3.4.14 and the local parent proxy is a 3.5.20

Thanks,
Walter


On 28.11.2016 04:40, Eliezer Croitoru wrote:
> A question that will simplify things:
> Are you fully in control of the remote and the local proxy?
> If so you can create a tunnel from the local gateway to the remote squid and
> pass the web traffic in the routing level.
> This way you would be able to intercept port 80 on the remote proxy and if
> required also BUMP the ip addresses you want.
>
> If you have static IP addresses you would probably be able to decide which
> of the clients you will bump or not.
> I think that TV in general in the form I know of needs filtering since not
> everything there you will want anyone to see.
> But again maybe in your area TV is something else than in mine.
>
> If you need more help let me know.
>
> Eliezer
>
> ----
> Eliezer Croitoru
> Linux System Administrator
> Mobile: +972-5-28704261
> Email: eliezer at ngtech.co.il
>
>
> -----Original Message-----
> From: squid-users [mailto:squid-users-bounces at lists.squid-cache.org] On
> Behalf Of Walter H.
> Sent: Sunday, November 27, 2016 19:17
> To: squid-users at lists.squid-cache.org
> Subject: [squid-users] Hint for howto wanted ...
>
> Hello,
>
> I've got a special problem ...
>
> I have several devices in my LAN:
> - PCs, Notebooks
> - a Tablet-PC
> - a Smartphone
> - a Television
>
> on my LAN I've two squids as VMs on my PC (both are CentOS 6)
>
> I also have a virtual server (a CentOS 6, too) at a webhoster in a
> different country, which I have configured as a proxy (squid) only for me
> besides the web service;
>
> /etc/squid/squid.conf of the main proxy, which is used as proxy by the
> clients has this ...
>
> acl tv-device src ip-of-tv
>
> cache_peer parentproxy.local parent 3128 0 name=local-proxy proxy-only no-digest default
> cache_peer virtualserver-at-webhoster parent 3128 0 name=remote-proxy proxy-only no-digest
>
> acl remote-domains dstdomain "/etc/squid/remote-domains-acl.squid"
>
> cache_peer_access remote-proxy allow remote-domains
> cache_peer_access remote-proxy allow tv-device
> cache_peer_access remote-proxy deny all
>
> cache_peer_access local-proxy allow !tv-device
>
> this proxy and the one at the webhoster don't do SSL-bump, only the parent
> proxy does ...
> at the moment only the parentproxy.local does filtering and blocks unwanted
> IPs, hosts, ...
>
> what is the easiest way to do smart filtering for the tv-device, as this
> doesn't use parentproxy.local at all ...
> do I really have to do smart filtering on both, the one at the hoster (plus
> SSL bump) and the parentproxy that already does?
>
> Thanks,
> Walter
>
>
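
Why `allow tv-device` routes every TV request to the remote peer, as an added example (not code from the thread or from the Squid project): a small Python model of how the quoted cache_peer_access lines decide which peers a request may use. The TV address and the domain list are constructed placeholders, and the model assumes first-match evaluation with an implicit final rule opposite to the last line; it covers eligibility only, not how Squid chooses among several eligible peers.

```python
# Added example: per-peer cache_peer_access evaluation (eligibility only).
# Assumed semantics: lines are checked in order, the ACLs on one line are
# ANDed, the first matching line decides, and if no line matches the result
# is the opposite of the last line's action.

# Constructed sample values; the thread gives no addresses or domain list.
TV_IP = "192.0.2.50"
REMOTE_DOMAINS = {"geo.example"}

ACLS = {
    "tv-device": lambda req: req["src"] == TV_IP,
    "remote-domains": lambda req: req["host"] in REMOTE_DOMAINS,
    "all": lambda req: True,
}

# The cache_peer_access lines from the quoted squid.conf, one per line.
CONFIG = """
cache_peer_access remote-proxy allow remote-domains
cache_peer_access remote-proxy allow tv-device
cache_peer_access remote-proxy deny all
cache_peer_access local-proxy allow !tv-device
"""

def parse(config):
    """Group (action, [acl, ...]) rules by peer name, keeping their order."""
    rules = {}
    for line in config.strip().splitlines():
        _, peer, action, *acls = line.split()
        rules.setdefault(peer, []).append((action, acls))
    return rules

def acl_matches(name, req):
    """Evaluate one ACL reference, honouring a leading '!' negation."""
    if name.startswith("!"):
        return not ACLS[name[1:]](req)
    return ACLS[name](req)

def peer_allowed(peer_rules, req):
    """First matching line wins; otherwise invert the last line's action."""
    for action, acls in peer_rules:
        if all(acl_matches(a, req) for a in acls):
            return action == "allow"
    return peer_rules[-1][0] != "allow"

def eligible_peers(req, rules=None):
    """Names of the peers this request is permitted to be forwarded to."""
    rules = rules or parse(CONFIG)
    return sorted(p for p, r in rules.items() if peer_allowed(r, req))
```

For any request whose source is the TV, only remote-proxy is eligible regardless of destination, so the filtering on parentproxy.local is never applied to it.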

