[squid-users] cache peer only forward http , not https !!!

Yuri Voinov yvoinov at gmail.com
Wed Nov 11 10:03:46 UTC 2015


You need to locate URLs which must be forward to parent.

If this is all URL's, config must looks like this:

never_direct allow all
cache_peer <peer_ip> parent <peer_port> 0 no-query no-digest default
cache_peer_access 127.0.0.1 allow all

And, finally, you must use Squid 3.5.x. Thit will not be work on 3.4.x.

11.11.15 14:39, Ahmad Alzaeem пишет:
>
> Here is what I mean
>
> [2.2.2-RELEASE][root at pfSense.mne]/root: tail -f 
> /var/squid/logs/access.log
>
> 1447234509.328 9718 172.23.101.251 TCP_MISS/200 1448 CONNECT 
> tiles-cloudfront.cdn.mozilla.net:443 - HIER_DIRECT/54.192.55.248 -
>
> 1447234514.482 9622 172.23.101.251 TCP_MISS/200 1448 CONNECT 
> shavar.services.mozilla.com:443 - HIER_DIRECT/54.187.101.179 -
>
> 1447234519.858 59952 172.23.101.251 TCP_MISS/503 0 CONNECT 
> www.youtube.com:443 - HIER_NONE/- -
>
> 1447234560.135 71105 172.23.101.251 TCP_MISS/503 0 CONNECT 
> incoming.telemetry.mozilla.org:443 - HIER_NONE/- -
>
> 1447234569.644 70033 172.23.101.251 TCP_MISS/503 0 CONNECT 
> tiles-cloudfront.cdn.mozilla.net:443 - HIER_NONE/- -
>
> 1447234569.644 70033 172.23.101.251 TCP_MISS/503 0 CONNECT 
> tiles-cloudfront.cdn.mozilla.net:443 - HIER_NONE/- -
>
> 1447234569.644 70033 172.23.101.251 TCP_MISS/503 0 CONNECT 
> tiles-cloudfront.cdn.mozilla.net:443 - HIER_NONE/- -
>
> 1447234575.091 60607 172.23.101.251 TCP_MISS/503 0 CONNECT 
> shavar.services.mozilla.com:443 - HIER_NONE/- -
>
> 1447234605.998 76379 172.23.101.251 TCP_MISS/503 0 CONNECT 
> self-repair.mozilla.org:443 - HIER_NONE/- -
>
> 1447234651.018 75705 172.23.101.251 TCP_MISS/503 0 CONNECT 
> safebrowsing.google.com:443 - HIER_NONE/- -
>
> cheers
>
> *From:*Yuri Voinov [mailto:yvoinov at gmail.com]
> *Sent:* Wednesday, November 11, 2015 12:49 AM
> *To:* Ahmad Alzaeem
> *Cc:* squid-users at lists.squid-cache.org; 'Amos Jeffries'
> *Subject:* Re: [squid-users] cache peer only forward http , not https !!!
>
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> Are you see in access.log ip:443 CONNECT records?
>
> I.e., does your HTTPS traffic incoming to Squid?
>
> 11.11.15 1:45, Ahmad Alzaeem пишет:
> > Hi I don’t have ssl pump
>
>       >
>
>       >
>
>       >
>
>       > All my users user ip:port to have internet
>
>       >
>
>       >
>
>       >
>
>       >
>
>       >
>
>       > I already have ISA windows server and it works with http and
>
>       https
>
>       >
>
>       >
>
>       >
>
>       > Im wondering why all complexity needed for peer https
>
>       >
>
>       > !!!
>
>       >
>
>       >
>
>       >
>
>       >
>
>       >
>
>       > Anyway hnere is squid.conf
>
>       >
>
>       >
>
>       >
>
>       > # This file is automatically generated by pfSense
>
>       >
>
>       > # Do not edit manually !
>
>       >
>
>       >
>
>       >
>
>       > http_port 172.23.101.253:3128
>
>       >
>
>       > icp_port 0
>
>       >
>
>       > dns_v4_first on
>
>       >
>
>       > pid_filename /var/run/squid/squid.pid
>
>       >
>
>       > cache_effective_user proxy
>
>       >
>
>       > cache_effective_group proxy
>
>       >
>
>       > error_default_language en
>
>       >
>
>       > icon_directory /usr/pbi/squid-amd64/local/etc/squid/icons
>
>       >
>
>       > visible_hostname mne
>
>       >
>
>       > cache_mgr azaeem at mne.ps <mailto:azaeem at mne.ps> 
> <mailto:azaeem at mne.ps> <mailto:azaeem at mne.ps>
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20151111/db26dde8/attachment-0001.html>


More information about the squid-users mailing list