[squid-users] cache peer only forward http , not https !!!

Yuri Voinov yvoinov at gmail.com
Tue Nov 10 18:30:08 UTC 2015


I'm probably a little misled. The fact is that my configuration is a proxy
with a bump, which complicates the task. In the case of a conventional
non-transparent proxy, no tricks are usually required, except that it
is necessary to force the encrypted traffic to go to the proxy.

10.11.15 23:18, Ahmad Alzaeem wrote:
> Thank you,
>
> Can you just guide me for the https peer directive plz ?
>
> I can take care of https intercept
>
> So with http , we have directive cache_peer 10.12.0.32  parent 8080  0 no-query no-digest
>
> As ok
>
> Now what about https directive ?
>
> Can u help me
>
> Thanks a lot a lot a lot for your help
>
> cheers
>
> From: squid-users [mailto:squid-users-bounces at lists.squid-cache.org] On Behalf Of Yuri Voinov
> Sent: Tuesday, November 10, 2015 8:49 PM
> To: squid-users at lists.squid-cache.org
> Subject: Re: [squid-users] cache peer only forward http , not https !!!
>
> 1. You need to configure Squid with SSL Bump to capture HTTPS traffic.
> 2. You need to configure forwarded requests with splice/no bump. :)
>
> 10.11.15 22:42, Ahmad Alzaeem wrote:
> > Hi Guys I want proxy and I want it to forward http & https to remote proxy
> >
> > Does the command below enough ?
> >
> > cache_peer 10.12.0.32  parent 8080  0 no-query no-digest no-tproxy proxy-only
> No.
> > or I need to add other line for https ??
> No.
> > BTW the command line above work only for http not for https
> Sure.
> > Any help ?
>
> *** DISCLAIMER: THIS IS MY OWN CONFIG SNIPPET. DON'T BLIND COPY-N-PASTE IT IN YOUR ENVIRONMENT! ***
>
> # Privoxy+Tor acl
> acl tor_url dstdom_regex "C:/Squid/etc/squid/url.tor"
>
> # SSL bump rules
> sslproxy_cert_error allow all
> acl DiscoverSNIHost at_step SslBump1
> ssl_bump peek DiscoverSNIHost
> acl NoSSLIntercept ssl::server_name_regex -i "C:/Squid/etc/squid/url.nobump"
> acl NoSSLIntercept ssl::server_name_regex -i "C:/Squid/etc/squid/url.tor"
> ssl_bump splice NoSSLIntercept
> ssl_bump bump all
>
> # Privoxy+Tor access rules
> never_direct allow tor_url
>
> # Local Privoxy is cache parent
> cache_peer 127.0.0.1 parent 8118 0 no-query no-digest default
>
> cache_peer_access 127.0.0.1 allow tor_url
> cache_peer_access 127.0.0.1 deny all
>
> As you can see, this is just an example. The idea is described in the first two lines of my answer above.
> This snippet works for torified sites described in tor_url acl.
> NB: I do not guarantee this will work on your environment!

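
Added example, not part of the original message and not Squid code: a small Python model of how the three ssl_bump rules in the quoted snippet are evaluated step by step, first match wins. The regex list and host names are constructed; it assumes an intercepted connection where the server name is unknown until the step-1 peek, and it models only the peek, splice and bump actions.

```python
import re

# Constructed stand-in for the url.nobump / url.tor regex files (assumption).
NO_INTERCEPT = [r"(^|\.)torified\.example$", r"(^|\.)bank\.example$"]

# The ssl_bump rules from the quoted snippet, in order: (action, acl name).
RULES = [("peek", "DiscoverSNIHost"),
         ("splice", "NoSSLIntercept"),
         ("bump", "all")]
NO_PEEK = RULES[1:]  # same rules with the peek line dropped, for comparison


def acl_matches(acl, step, sni):
    """Evaluate one ACL; sni stays None until a peek has read the Client Hello."""
    if acl == "all":
        return True
    if acl == "DiscoverSNIHost":      # acl DiscoverSNIHost at_step SslBump1
        return step == 1
    if acl == "NoSSLIntercept":       # ssl::server_name_regex -i <files>
        return sni is not None and any(
            re.search(p, sni, re.IGNORECASE) for p in NO_INTERCEPT)
    raise ValueError(f"unknown acl: {acl}")


def decide(rules, client_sni):
    """Return (final_action, trace) for one intercepted TLS connection."""
    sni, trace = None, []
    for step in (1, 2):
        # First matching rule wins; Squid's documented fallback is splice.
        action = next((a for a, acl in rules if acl_matches(acl, step, sni)),
                      "splice")
        trace.append((step, action))
        if action != "peek":          # splice and bump end the evaluation
            return action, trace
        sni = client_sni              # the peek made the SNI available
    return "splice", trace            # peeked at both steps: bump not modelled


if __name__ == "__main__":
    for name, rules in (("snippet", RULES), ("no peek", NO_PEEK)):
        for host in ("hidden.torified.example", "www.example.com"):
            print(name, host, decide(rules, host))
```

With the peek rule removed, the listed host is bumped at step 1 because the splice ACL has no server name to match yet.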
