[squid-users] Routing

Илья Дейс ilja.dejs at gmail.com
Wed Jul 27 08:03:26 UTC 2022


Hello,
I ran into a problem when routing connections from a specific address.
I need a dedicated channel for downloading video and, for everything
else, a channel chosen by the port on which the proxy received the
request. I am using ssl_bump.

Config example:

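# One bumping listener per client group (3128-3137). All ten share the same
# bumping CA (tls-cert/tls-key), the same DH parameters and the same cipher
# and protocol settings; only the port differs, and the localport ACLs below
# route by it.
# NOTE: in the posted copy the mail client wrapped every directive mid-token
# ("SINGLE_DH_US" / "E,SINGLE_ECDH_USE"), which squid cannot parse; each
# directive is written on a single line here.
# tls-key is the private key that signs the generated host certificates, so
# it must be readable by the squid process only.
# options= disables SSLv3 and TLS 1.0 but still permits TLS 1.1; add
# NO_TLSv1_1 (or, on Squid 4 and later, tls-min-version=1.2) to require
# TLS 1.2 on the client side.
http_port 3128 tcpkeepalive=60,30,3 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=20MB tls-cert=/etc/squid/bump.crt tls-key=/etc/squid/bump.key cipher=HIGH:MEDIUM:!LOW:!RC4:!SEED:!IDEA:!3DES:!MD5:!EXP:!PSK:!DSS options=NO_TLSv1,NO_SSLv3,SINGLE_DH_USE,SINGLE_ECDH_USE tls-dh=prime256v1:/etc/squid/bump_dhparam.pem
http_port 3129 tcpkeepalive=60,30,3 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=20MB tls-cert=/etc/squid/bump.crt tls-key=/etc/squid/bump.key cipher=HIGH:MEDIUM:!LOW:!RC4:!SEED:!IDEA:!3DES:!MD5:!EXP:!PSK:!DSS options=NO_TLSv1,NO_SSLv3,SINGLE_DH_USE,SINGLE_ECDH_USE tls-dh=prime256v1:/etc/squid/bump_dhparam.pem
http_port 3130 tcpkeepalive=60,30,3 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=20MB tls-cert=/etc/squid/bump.crt tls-key=/etc/squid/bump.key cipher=HIGH:MEDIUM:!LOW:!RC4:!SEED:!IDEA:!3DES:!MD5:!EXP:!PSK:!DSS options=NO_TLSv1,NO_SSLv3,SINGLE_DH_USE,SINGLE_ECDH_USE tls-dh=prime256v1:/etc/squid/bump_dhparam.pem
http_port 3131 tcpkeepalive=60,30,3 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=20MB tls-cert=/etc/squid/bump.crt tls-key=/etc/squid/bump.key cipher=HIGH:MEDIUM:!LOW:!RC4:!SEED:!IDEA:!3DES:!MD5:!EXP:!PSK:!DSS options=NO_TLSv1,NO_SSLv3,SINGLE_DH_USE,SINGLE_ECDH_USE tls-dh=prime256v1:/etc/squid/bump_dhparam.pem
http_port 3132 tcpkeepalive=60,30,3 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=20MB tls-cert=/etc/squid/bump.crt tls-key=/etc/squid/bump.key cipher=HIGH:MEDIUM:!LOW:!RC4:!SEED:!IDEA:!3DES:!MD5:!EXP:!PSK:!DSS options=NO_TLSv1,NO_SSLv3,SINGLE_DH_USE,SINGLE_ECDH_USE tls-dh=prime256v1:/etc/squid/bump_dhparam.pem
http_port 3133 tcpkeepalive=60,30,3 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=20MB tls-cert=/etc/squid/bump.crt tls-key=/etc/squid/bump.key cipher=HIGH:MEDIUM:!LOW:!RC4:!SEED:!IDEA:!3DES:!MD5:!EXP:!PSK:!DSS options=NO_TLSv1,NO_SSLv3,SINGLE_DH_USE,SINGLE_ECDH_USE tls-dh=prime256v1:/etc/squid/bump_dhparam.pem
http_port 3134 tcpkeepalive=60,30,3 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=20MB tls-cert=/etc/squid/bump.crt tls-key=/etc/squid/bump.key cipher=HIGH:MEDIUM:!LOW:!RC4:!SEED:!IDEA:!3DES:!MD5:!EXP:!PSK:!DSS options=NO_TLSv1,NO_SSLv3,SINGLE_DH_USE,SINGLE_ECDH_USE tls-dh=prime256v1:/etc/squid/bump_dhparam.pem
http_port 3135 tcpkeepalive=60,30,3 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=20MB tls-cert=/etc/squid/bump.crt tls-key=/etc/squid/bump.key cipher=HIGH:MEDIUM:!LOW:!RC4:!SEED:!IDEA:!3DES:!MD5:!EXP:!PSK:!DSS options=NO_TLSv1,NO_SSLv3,SINGLE_DH_USE,SINGLE_ECDH_USE tls-dh=prime256v1:/etc/squid/bump_dhparam.pem
http_port 3136 tcpkeepalive=60,30,3 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=20MB tls-cert=/etc/squid/bump.crt tls-key=/etc/squid/bump.key cipher=HIGH:MEDIUM:!LOW:!RC4:!SEED:!IDEA:!3DES:!MD5:!EXP:!PSK:!DSS options=NO_TLSv1,NO_SSLv3,SINGLE_DH_USE,SINGLE_ECDH_USE tls-dh=prime256v1:/etc/squid/bump_dhparam.pem
http_port 3137 tcpkeepalive=60,30,3 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=20MB tls-cert=/etc/squid/bump.crt tls-key=/etc/squid/bump.key cipher=HIGH:MEDIUM:!LOW:!RC4:!SEED:!IDEA:!3DES:!MD5:!EXP:!PSK:!DSS options=NO_TLSv1,NO_SSLv3,SINGLE_DH_USE,SINGLE_ECDH_USE tls-dh=prime256v1:/etc/squid/bump_dhparam.pem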

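# Media detection by URL-path extension (the posted copy had the pattern
# wrapped onto its own line; acl directives must be a single line).
# The pattern is not anchored, so short extensions such as .bin, .dat or .ts
# also match inside a longer path component (".tsx", ".dat.gz", ...); a
# trailing $ anchor (or (\?.*)?$ if these URLs carry query strings) limits the
# match to the real extension.
# tcp_outgoing_address rules are tried in order and the first match wins, so
# the media rule must stay above the per-port rules.
acl media_files urlpath_regex -i \.(3g2|3gp|3gpp|asf|asx|ashx|avi|bin|dat|f4v|flv|gtp|h264|m4v|mkv|mod|moov|mov|mp4|mpeg|mpg|mts|rm|rmvb|spl|srt|stl|swf|ts|vcd|vid|vob|webm|wm|wmv|yuv)
tcp_outgoing_address 10.3.0.2 media_files

# One ACL per listener: localport is the proxy-side port the client hit.
acl port3128 localport 3128
acl port3129 localport 3129
acl port3130 localport 3130
acl port3131 localport 3131
acl port3132 localport 3132
acl port3133 localport 3133
acl port3134 localport 3134
acl port3135 localport 3135
acl port3136 localport 3136
acl port3137 localport 3137

# Port-dependent source address for everything that is not media.
# NOTE(review): for bumped HTTPS the client's CONNECT request carries only
# host:port, so media_files cannot match at that stage and the !media_files
# rule for the port selects the source address. The server connection opened
# for that CONNECT is then reused for the requests sent inside the tunnel,
# which is presumably why the later tcp_outgoing_address matches described in
# the mail have no effect. Routing HTTPS consistently therefore needs a
# criterion that is visible at CONNECT time (e.g. dstdomain or, after peeking,
# ssl::server_name) rather than the URL path -- confirm against the squid
# version in use.
tcp_outgoing_address 10.3.2.190 !media_files port3128
tcp_outgoing_address 10.3.2.191 !media_files port3129
tcp_outgoing_address 10.3.2.192 !media_files port3130
tcp_outgoing_address 10.3.2.193 !media_files port3131
tcp_outgoing_address 10.3.2.194 !media_files port3132
tcp_outgoing_address 10.3.2.195 !media_files port3133
tcp_outgoing_address 10.3.2.196 !media_files port3134
tcp_outgoing_address 10.3.2.197 !media_files port3135
tcp_outgoing_address 10.3.2.198 !media_files port3136
tcp_outgoing_address 10.3.2.199 !media_files port3137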

When using plain HTTP (not SSL) these rules work fine, but with HTTPS the
debug output shows that the rule applied first is the one matched for the
CONNECT request, and the tcp_outgoing_address rules are not applied
afterwards. I commented out this line and rebuilt squid, but it had no effect:

// skip if an outgoing address is already set.
// if (!conn->local.isAnyAddr()) return;

please help me

