<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<br>
-----BEGIN PGP SIGNED MESSAGE----- <br>
Hash: SHA256 <br>
<br>
I think, we need to take a look on your squid.conf first.<br>
<br>
10.11.15 23:18, Ahmad Alzaeem пишет:<br>
<span style="white-space: pre;">> Thank you , <br>
><br>
> <br>
><br>
> Can you just guide me for the https peer directive plz ?<br>
><br>
> I can take care of https intercept<br>
><br>
> <br>
><br>
> So with http , we have directive cache_peer 10.12.0.32
parent 8080 0 no-query no-digest<br>
><br>
> <br>
><br>
> As ok<br>
><br>
> <br>
><br>
> Now what about https directive ?<br>
><br>
> Can u help me<br>
><br>
> <br>
><br>
> Thanks a lot a lot a lot for your help<br>
><br>
> <br>
><br>
> cheers<br>
><br>
> <br>
><br>
> <br>
><br>
> From: squid-users
[<a class="moz-txt-link-freetext" href="mailto:squid-users-bounces@lists.squid-cache.org">mailto:squid-users-bounces@lists.squid-cache.org</a>] On Behalf Of
Yuri Voinov<br>
> Sent: Tuesday, November 10, 2015 8:49 PM<br>
> To: <a class="moz-txt-link-abbreviated" href="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.org</a><br>
> Subject: Re: [squid-users] cache peer only forward http , not
https !!!<br>
><br>
> <br>
><br>
><br>
> 1. You need to configure Squid with SSL Bump to capture HTTPS
traffic.<br>
> 2. You need to configure forwarded requests with splice/no
bump. :)<br>
><br>
> 10.11.15 22:42, Ahmad Alzaeem пишет:<br>
> > Hi Guys I want proxy and I<br>
><br>
> want it to forward http & https to remote proxy<br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
> > Does the command below enogh ?<br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
> > cache_peer 10.12.0.32 parent 8080 0 no-query
no-digest<br>
><br>
> no-tproxy<br>
><br>
><br>
><br>
> > proxy-only<br>
> No.<br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
> > or I need to add other line for https ??<br>
> No.<br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
> > BTW the command line above work only for http not
for https<br>
> Sure.<br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
> > Any help ?<br>
><br>
> *** DISCLAMER: THIS IS MY OWN CONFIG SNIPPET. DON'T BLIND
COPY-N-PASTE IT IN YOUR ENVIRONMENT! ***<br>
><br>
> # Privoxy+Tor acl<br>
> acl tor_url dstdom_regex "C:/Squid/etc/squid/url.tor"<br>
><br>
> # SSL bump rules<br>
> sslproxy_cert_error allow all<br>
> acl DiscoverSNIHost at_step SslBump1<br>
> ssl_bump peek DiscoverSNIHost<br>
> acl NoSSLIntercept ssl::server_name_regex -i
"C:/Squid/etc/squid/url.nobump"<br>
> acl NoSSLIntercept ssl::server_name_regex -i
"C:/Squid/etc/squid/url.tor"<br>
> ssl_bump splice NoSSLIntercept<br>
> ssl_bump bump all<br>
><br>
> # Privoxy+Tor access rules<br>
> never_direct allow tor_url<br>
><br>
> # Local Privoxy is cache parent<br>
> cache_peer 127.0.0.1 parent 8118 0 no-query no-digest default<br>
><br>
> cache_peer_access 127.0.0.1 allow tor_url<br>
> cache_peer_access 127.0.0.1 deny all<br>
><br>
> As you can see, this is just example. The idea described with
first two lines of my answer above.<br>
> This snippet works for torified sites described in tor_url
acl.<br>
> NB: I do not guarantee this will work on your environment!<br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
> > _______________________________________________<br>
><br>
><br>
><br>
> > squid-users mailing list<br>
><br>
><br>
><br>
> > <a class="moz-txt-link-abbreviated" href="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.org</a>
<a class="moz-txt-link-rfc2396E" href="mailto:squid-users@lists.squid-cache.org"><mailto:squid-users@lists.squid-cache.org></a><br>
><br>
><br>
><br>
> > <a class="moz-txt-link-freetext" href="http://lists.squid-cache.org/listinfo/squid-users">http://lists.squid-cache.org/listinfo/squid-users</a><br>
><br>
><br>
></span><br>
<br>
-----BEGIN PGP SIGNATURE-----
<br>
Version: GnuPG v2
<br>
<br>
iQEcBAEBCAAGBQJWQjqaAAoJENNXIZxhPexGHLsH/A8M2GrcOrOTu+k4+iRHhH21
<br>
q0muY8vTpdGW6/keFek7r/df05NF8NJ4rg1a+j/RRFtdy0NEJWf663Xhg3Z5UT7K
<br>
6tLqF/8kjW0u3osuD6BCxjvWIe1elGJKIdBlBbIukIiK50ErdPBbAF26g4wdS1RG
<br>
hMQHDWjbZsBPSuhKDYWgGoddpozVUWrnMRM/YSY98LgnC738fUzJgWUXR0pjsF1p
<br>
EgkYPrawkkUzbJ6SqQA2MFZuQyqPl3nNYFvQVnwg9sGqrKU2f+cy/hv0Mj0O0rjI
<br>
7Gs7kHI9fT63dmkkiFDsaw6yRDXRak1qrb7htHoNkbrPrVm7eVXMTUy5ukWawOA=
<br>
=okeQ
<br>
-----END PGP SIGNATURE-----
<br>
<br>
</body>
</html>