<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<br>
-----BEGIN PGP SIGNED MESSAGE----- <br>
Hash: SHA256 <br>
<br>
You just must remember my two first line from previous mail.<br>
<br>
You need to configure Squid with SSL Bump to capture HTTPS traffic.
Or, of course, you can configure your Squid as non-transparent
forwarding proxy. All you need:<br>
<br>
Your Squid must see HTTPS-traffic in any way. Either with SSL Bump,
or just tunneling (forwarding proxy).<br>
<br>
and, finally:<br>
<br>
3. You don't need any special directives for cache_peer with https.<br>
<br>
10.11.15 23:18, Ahmad Alzaeem пишет:<br>
<span style="white-space: pre;">> Thank you , <br>
><br>
> <br>
><br>
> Can you just guide me for the https peer directive plz ?<br>
><br>
> I can take care of https intercept<br>
><br>
> <br>
><br>
> So with http , we have directive cache_peer 10.12.0.32
parent 8080 0 no-query no-digest<br>
><br>
> <br>
><br>
> As ok<br>
><br>
> <br>
><br>
> Now what about https directive ?<br>
><br>
> Can u help me<br>
><br>
> <br>
><br>
> Thanks a lot a lot a lot for your help<br>
><br>
> <br>
><br>
> cheers<br>
><br>
> <br>
><br>
> <br>
><br>
> From: squid-users
[<a class="moz-txt-link-freetext" href="mailto:squid-users-bounces@lists.squid-cache.org">mailto:squid-users-bounces@lists.squid-cache.org</a>] On Behalf Of
Yuri Voinov<br>
> Sent: Tuesday, November 10, 2015 8:49 PM<br>
> To: <a class="moz-txt-link-abbreviated" href="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.org</a><br>
> Subject: Re: [squid-users] cache peer only forward http , not
https !!!<br>
><br>
> <br>
><br>
><br>
> 1. You need to configure Squid with SSL Bump to capture HTTPS
traffic.<br>
> 2. You need to configure forwarded requests with splice/no
bump. :)<br>
><br>
> 10.11.15 22:42, Ahmad Alzaeem пишет:<br>
> > Hi Guys I want proxy and I<br>
><br>
> want it to forward http & https to remote proxy<br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
> > Does the command below enogh ?<br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
> > cache_peer 10.12.0.32 parent 8080 0 no-query
no-digest<br>
><br>
> no-tproxy<br>
><br>
><br>
><br>
> > proxy-only<br>
> No.<br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
> > or I need to add other line for https ??<br>
> No.<br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
> > BTW the command line above work only for http not
for https<br>
> Sure.<br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
> > Any help ?<br>
><br>
> *** DISCLAMER: THIS IS MY OWN CONFIG SNIPPET. DON'T BLIND
COPY-N-PASTE IT IN YOUR ENVIRONMENT! ***<br>
><br>
> # Privoxy+Tor acl<br>
> acl tor_url dstdom_regex "C:/Squid/etc/squid/url.tor"<br>
><br>
> # SSL bump rules<br>
> sslproxy_cert_error allow all<br>
> acl DiscoverSNIHost at_step SslBump1<br>
> ssl_bump peek DiscoverSNIHost<br>
> acl NoSSLIntercept ssl::server_name_regex -i
"C:/Squid/etc/squid/url.nobump"<br>
> acl NoSSLIntercept ssl::server_name_regex -i
"C:/Squid/etc/squid/url.tor"<br>
> ssl_bump splice NoSSLIntercept<br>
> ssl_bump bump all<br>
><br>
> # Privoxy+Tor access rules<br>
> never_direct allow tor_url<br>
><br>
> # Local Privoxy is cache parent<br>
> cache_peer 127.0.0.1 parent 8118 0 no-query no-digest default<br>
><br>
> cache_peer_access 127.0.0.1 allow tor_url<br>
> cache_peer_access 127.0.0.1 deny all<br>
><br>
> As you can see, this is just example. The idea described with
first two lines of my answer above.<br>
> This snippet works for torified sites described in tor_url
acl.<br>
> NB: I do not guarantee this will work on your environment!<br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
> > _______________________________________________<br>
><br>
><br>
><br>
> > squid-users mailing list<br>
><br>
><br>
><br>
> > <a class="moz-txt-link-abbreviated" href="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.org</a>
<a class="moz-txt-link-rfc2396E" href="mailto:squid-users@lists.squid-cache.org"><mailto:squid-users@lists.squid-cache.org></a><br>
><br>
><br>
><br>
> > <a class="moz-txt-link-freetext" href="http://lists.squid-cache.org/listinfo/squid-users">http://lists.squid-cache.org/listinfo/squid-users</a><br>
><br>
><br>
></span><br>
<br>
-----BEGIN PGP SIGNATURE-----
<br>
Version: GnuPG v2
<br>
<br>
iQEcBAEBCAAGBQJWQjZSAAoJENNXIZxhPexGgXcH/RGcP659oJqW+tD+YIUDAkWz
<br>
W4QEwik9mS/TtdvtHy6rQbnVNPp5Tk451JvMsmfjGW91xZBUL+Owa35TLaLo2B7p
<br>
ypYXdwr/q42VgbtZ1pawZyHaC/CIotcM5A7Gv28kGuaWVsqgXIn35tQ3bbmqQeDr
<br>
3+aNYSUv7qwwIqXMIExoWY4aDAUYIMlhtmjydRXKPTmdr2tlZHRwGLPhbP69i2cB
<br>
Y79JFCsz03cq5Ohzh41hc7TqdZ5QeoVWMri/TcnOu3gBIuJ2vmVvNqtV4yykwSbn
<br>
2lhd0qaZX64JJVNhrNEnyAI1sK/VaJgh71yn11JddG7Q+ZYp4rlxxS0bmD1uDbg=
<br>
=CfyG
<br>
-----END PGP SIGNATURE-----
<br>
<br>
</body>
</html>