[squid-users] cache peer only forward http , not https !!!

Ahmad Alzaeem ahmed.zaeem at netstream.ps
Tue Nov 10 17:18:45 UTC 2015


Thank you,

Can you just guide me for the https peer directive plz ?

I can take care of https intercept

So with http, we have directive cache_peer 10.12.0.32  parent 8080  0 no-query no-digest

As ok

Now what about https directive ?

Can u help me

Thanks a lot a lot a lot for your help

cheers

From: squid-users [mailto:squid-users-bounces at lists.squid-cache.org] On Behalf Of Yuri Voinov
Sent: Tuesday, November 10, 2015 8:49 PM
To: squid-users at lists.squid-cache.org
Subject: Re: [squid-users] cache peer only forward http , not https !!!

 


1. You need to configure Squid with SSL Bump to capture HTTPS traffic.
2. You need to configure forwarded requests with splice/no bump. :)

10.11.15 22:42, Ahmad Alzaeem wrote:
> Hi Guys I want proxy and I want it to forward http & https to remote proxy
>
> Does the command below enough ?
>
> cache_peer 10.12.0.32  parent 8080  0 no-query no-digest no-tproxy proxy-only
No.
>
> or I need to add other line for https ??
No.
>
> BTW the command line above work only for http not for https
Sure.
>
> Any help ?

*** DISCLAIMER: THIS IS MY OWN CONFIG SNIPPET. DON'T BLINDLY COPY-N-PASTE IT IN YOUR ENVIRONMENT! ***

# Privoxy+Tor acl
acl tor_url dstdom_regex "C:/Squid/etc/squid/url.tor"

# SSL bump rules
sslproxy_cert_error allow all
acl DiscoverSNIHost at_step SslBump1
ssl_bump peek DiscoverSNIHost
acl NoSSLIntercept ssl::server_name_regex -i "C:/Squid/etc/squid/url.nobump"
acl NoSSLIntercept ssl::server_name_regex -i "C:/Squid/etc/squid/url.tor"
ssl_bump splice NoSSLIntercept
ssl_bump bump all

# Privoxy+Tor access rules
never_direct allow tor_url

# Local Privoxy is cache parent
cache_peer 127.0.0.1 parent 8118 0 no-query no-digest default

cache_peer_access 127.0.0.1 allow tor_url
cache_peer_access 127.0.0.1 deny all

As you can see, this is just an example. The idea is described in the first two lines of my answer above.
This snippet works for torified sites described in the tor_url acl.
NB: I do not guarantee this will work in your environment!


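A review aid for the directives discussed in this thread, added here as an example and not part of either poster's message or of Squid: it flags `sslproxy_cert_error allow all` (Squid ignores every origin certificate validation error), a catch-all `ssl_bump bump all`, and any `cache_peer` that has no `cache_peer_access` rules. `SAMPLE` is constructed from lines quoted above; `directives`, `peer_name` and `audit` are hypothetical helper names.

```python
# Added example: review aid for squid.conf fragments like the one in this thread.
# SAMPLE is constructed from directives quoted in the messages above.
SAMPLE = """\
# SSL bump rules
sslproxy_cert_error allow all
acl DiscoverSNIHost at_step SslBump1
ssl_bump peek DiscoverSNIHost
acl NoSSLIntercept ssl::server_name_regex -i "C:/Squid/etc/squid/url.nobump"
ssl_bump splice NoSSLIntercept
ssl_bump bump all
never_direct allow tor_url
cache_peer 127.0.0.1 parent 8118 0 no-query no-digest default
cache_peer_access 127.0.0.1 allow tor_url
cache_peer_access 127.0.0.1 deny all
cache_peer 10.12.0.32 parent 8080 0 no-query no-digest no-tproxy proxy-only
"""

def directives(text):
    """Yield (line_number, name, args) for every non-comment, non-blank line."""
    for number, raw in enumerate(text.splitlines(), 1):
        tokens = raw.split()
        if tokens and not tokens[0].startswith("#"):
            yield number, tokens[0], tokens[1:]

def peer_name(args):
    """cache_peer_access refers to a peer by its name= option, else its hostname."""
    named = [a[len("name="):] for a in args if a.startswith("name=")]
    return named[0] if named else args[0]

def audit(text):
    """Return sorted (line_number, finding) pairs for settings to review."""
    findings, peers, restricted = [], {}, set()
    for number, name, args in directives(text):
        if name == "sslproxy_cert_error" and args[:2] == ["allow", "all"]:
            findings.append((number, "origin certificate errors ignored for all traffic"))
        elif name == "ssl_bump" and args == ["bump", "all"]:
            findings.append((number, "every TLS connection not spliced earlier is decrypted"))
        elif name == "cache_peer" and args:
            peers[peer_name(args)] = number
        elif name == "cache_peer_access" and args:
            restricted.add(args[0])
    for peer, number in peers.items():
        if peer not in restricted:
            findings.append((number, f"peer {peer} has no cache_peer_access rules"))
    return sorted(findings)
```

Calling `audit(SAMPLE)` returns findings for lines 2, 7 and 12 of the sample; the peer on line 12 is the one from the original question, which carries no access rules.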