[squid-users] Squid configuration cache_peer does not take effect?

Amos Jeffries squid3 at treenet.co.nz
Tue Feb 4 08:24:08 UTC 2020


On 4/02/20 7:50 pm, yohan83942 wrote:
> Something new has happened.
> 
> [root at localhost squid-5.0.1]# /usr/local/squid/sbin/squid -z
> 2020/02/04 14:46:00| ERROR: Unknown TLS option '-bump'
> [root at localhost squid-5.0.1]# 2020/02/04 14:46:00| Created PID file
> (/usr/local/squid/var/run/squid.pid)
> 2020/02/04 14:46:00 kid1| ERROR: Unknown TLS option '-bump'
> 

"ssl-bump" is not an option of cache_peer.



> This problem does not seem to affect the agent. But `cache_peer` still has
> no effect.
> 
> # Squid normally listens to port 3128
> sslproxy_cert_error allow all
> #sslproxy_flags DONT_VERIFY_PEER
> http_access allow all
> always_direct allow all


This config requires traffic to *always* go direct to servers - not
cache_peers.


> ssl_bump bump all
> ssl_bump stare all 
> sslproxy_cert_error allow all
> http_port 3128 ssl-bump cert=/usr/local/squid/etc/squid/squid.pem
> key=/usr/local/squid/etc/squid/squid.pem generate-host-certificates=on
> options=NO_SSLv2

All settings related to SSLv2 are not supported in any way since Squid-4.

> #http_port 3128
> 
> #cache_peer 127.0.0.1 http parent 10809 0 no-query
> #cache_peer 192.168.1.101 parent 10809 0 no-query originserver weight=1
> #cache_peer_domain a www.google.com
> #cache_peer_access a allow all
> 
> cache_peer 192.168.1.101 parent 10809 0 no-query ssl-bump ssl
> sslcert=/usr/local/squid/etc/squid/squid.pem
> sslcafile=/usr/local/squid/etc/squid/squid.pem
> never_direct allow all



> Can Squid access the Internet through a Socket5 proxy?
> 

SOCKS proxies do not understand HTTP proxy syntax. So no, not like you
are thinking.

Amos
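
The three problems named in this reply can be checked mechanically before running `squid -z`. The following is an added example, not part of the original message or of Squid itself: `lint_squid_conf` and its finding codes are hypothetical names, and the sample is constructed from the configuration quoted above with each directive joined onto one line.

```python
# Added example: lint a squid.conf for the three problems named in this thread.
# SAMPLE_CONF is constructed from the quoted configuration, one directive per line.
SAMPLE_CONF = """\
http_access allow all
always_direct allow all
http_port 3128 ssl-bump cert=/usr/local/squid/etc/squid/squid.pem key=/usr/local/squid/etc/squid/squid.pem generate-host-certificates=on options=NO_SSLv2
#cache_peer 127.0.0.1 http parent 10809 0 no-query
cache_peer 192.168.1.101 parent 10809 0 no-query ssl-bump ssl sslcert=/usr/local/squid/etc/squid/squid.pem sslcafile=/usr/local/squid/etc/squid/squid.pem
never_direct allow all
"""


def lint_squid_conf(text):
    """Return a sorted list of (line_number, code, message) findings."""
    findings, peers, direct_all = [], [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        tokens = raw.split()
        if not tokens or tokens[0].startswith("#"):
            continue  # blank line or comment; commented-out directives are ignored
        name, args = tokens[0], tokens[1:]
        if name == "cache_peer":
            peers.append(lineno)
            # args layout: hostname type http-port icp-port [options...]
            if "ssl-bump" in args[4:]:
                findings.append((lineno, "PEER_SSL_BUMP",
                                 "ssl-bump is not an option of cache_peer"))
        if name == "always_direct" and args == ["allow", "all"]:
            direct_all.append(lineno)
        for arg in args:
            key, _, value = arg.partition("=")
            if key.endswith("options") and "sslv2" in value.lower():
                findings.append((lineno, "SSLV2_OPTION",
                                 "SSLv2 settings are not supported since Squid-4"))
    # always_direct allow all sends every request direct, so peers go unused.
    if peers:
        for lineno in direct_all:
            findings.append((lineno, "ALWAYS_DIRECT_ALL",
                             "traffic always goes direct, never to cache_peers"))
    return sorted(findings)


if __name__ == "__main__":
    for lineno, code, message in lint_squid_conf(SAMPLE_CONF):
        print(f"line {lineno}: {code}: {message}")
```
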

