[squid-users] cache peer problem with Https only !!
Ahmad Alzaeem
ahmed.zaeem at netstream.ps
Tue Nov 10 09:08:50 UTC 2015
Hi, I'm using pfSense with a cache peer.
Squid version is 3.4.10.
I have a peer proxy on port 80, and I can use it with HTTP and HTTPS.
Now if I put pfSense in the middle and let pfSense go to the remote proxy
(10.12.0.32 port 80),
and I get internet from the pfSense proxy,
only HTTP websites work !!!
HTTPS websites don't work.
Any help?
Here is my pfSense config:
# This file is automatically generated by pfSense
# Do not edit manually !
# Forward-proxy listener: clients on the LAN connect to this address and port.
http_port 172.23.101.253:3128
# ICP port 0: inter-cache queries are disabled on this box.
icp_port 0
dns_v4_first on
pid_filename /var/run/squid/squid.pid
cache_effective_user proxy
cache_effective_group proxy
error_default_language en
icon_directory /usr/pbi/squid-amd64/local/etc/squid/icons
visible_hostname mne
cache_mgr azaeem at mne.ps
access_log /var/squid/logs/access.log
cache_log /var/squid/logs/cache.log
cache_store_log none
netdb_filename /var/squid/logs/netdb.state
pinger_enable off
pinger_program /usr/pbi/squid-amd64/local/libexec/squid/pinger
logfile_rotate 2
debug_options rotate=2
shutdown_lifetime 3 seconds
# Allow local network(s) on interface(s)
acl localnet src 172.23.101.0/24
# Header hygiene: with forwarded_for off Squid sends "X-Forwarded-For: unknown",
# via off omits the Via header, and the version string is kept out of headers
# and error pages. The upstream peer therefore cannot attribute requests to
# individual LAN clients; this proxy's access.log is the only per-client record.
forwarded_for off
via off
httpd_suppress_version_string on
uri_whitespace strip
# NOTE(review): the bare "?" below looks like "\?" with the backslash lost in the
# mail archive - confirm against the file on the firewall.
acl dynamic urlpath_regex cgi-bin ?
cache deny dynamic
cache_mem 64 MB
maximum_object_size_in_memory 256 KB
memory_replacement_policy heap GDSF
cache_replacement_policy heap LFUDA
minimum_object_size 0 KB
maximum_object_size 4 MB
cache_dir ufs /var/squid/cache 100 16 256
offline_mode off
cache_swap_low 90
cache_swap_high 95
cache allow all
# Add any of your own refresh_pattern entries above these.
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
# NOTE(review): "(/cgi-bin/|?)" is presumably "(/cgi-bin/|\?)" in the real file
# (same lost backslash as in the "dynamic" ACL) - confirm.
refresh_pattern -i (/cgi-bin/|?) 0 0% 0
refresh_pattern . 0 20% 4320
#Remote proxies
# Setup some default acls
# NOTE(review): the two lines after the next "#" line are the wrapped tail of that
# comment (mail line-wrap), not directives; the same wrap recurs further down.
# From 3.2 further configuration cleanups have been done to make things
easier and safer. The manager, localhost, and to_localhost ACL definitions
are now built-in.
# acl localhost src 127.0.0.1/32
acl allsrc src all
# NOTE(review): "1025-65535" on the following line is the wrapped end of the
# safeports list, not a separate directive.
acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901 3128 3127
1025-65535
# Destination ports for which CONNECT tunnels are permitted (see the
# "deny CONNECT !sslports" rule below).
acl sslports port 443 563
# From 3.2 further configuration cleanups have been done to make things
easier and safer. The manager, localhost, and to_localhost ACL definitions
are now built-in.
#acl manager proto cache_object
acl purge method PURGE
# NOTE(review): declared here as "connect" but referenced below as "CONNECT";
# presumably ACL names match case-insensitively - verify with "squid -k parse".
acl connect method CONNECT
# Define protocols used for redirects
acl HTTP proto HTTP
acl HTTPS proto HTTPS
# http_access rules are evaluated top to bottom and the first match decides.
# Cache-manager and PURGE requests are accepted from localhost only.
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
# Refuse any destination port outside safeports, and refuse CONNECT to anything
# but sslports, so the proxy cannot be used as a general-purpose TCP tunnel.
# Both denies sit above the localnet allow and so apply to LAN clients as well.
http_access deny !safeports
http_access deny CONNECT !sslports
# Always allow localhost connections
# From 3.2 further configuration cleanups have been done to make things
easier and safer.
# The manager, localhost, and to_localhost ACL definitions are now built-in.
# http_access allow localhost
# 0 KB means no upper limit on request body size.
request_body_max_size 0 KB
# NOTE(review): refers to delay pool 1, but no delay_pools/delay_class line is
# visible in this file - confirm the pool is defined or drop the rule.
delay_access 1 allow allsrc
# Reverse Proxy settings
# Custom options before auth
dns_nameservers 8.8.8.8 10.12.0.33
# Parent proxy at 10.12.0.32:80 with ICP port 0; no-query and no-digest turn off
# ICP queries and cache digests, proxy-only keeps peer-fetched objects out of the
# local cache. The hop to the peer is plain HTTP; CONNECT tunnels relayed through
# it still carry the client's TLS end to end.
# NOTE(review): likely cause of the HTTPS symptom - no never_direct or
# nonhierarchical_direct line is visible here. By default Squid prefers to send
# non-hierarchical requests (CONNECT among them) direct to the origin instead of
# to a parent, so HTTPS would bypass the peer and fail if this host has no direct
# route out, while plain HTTP through the peer keeps working. Candidates to test:
# "never_direct allow all" or "nonhierarchical_direct off". The hierarchy code in
# access.log (HIER_DIRECT vs FIRSTUP_PARENT) shows which path a CONNECT took.
cache_peer 10.12.0.32 parent 80 0 no-query no-digest no-tproxy proxy-only
# Setup allowed acls
# Allow local network(s) on interface(s)
# Only 172.23.101.0/24 may use the proxy; the final deny catches everyone else.
http_access allow localnet
# Default block all to be sure
http_access deny allsrc
cheers