[squid-users] cache peer only forward http , not https !!!

Ahmad Alzaeem ahmed.zaeem at netstream.ps
Wed Nov 11 10:04:36 UTC 2015


Bro you were awsome !

 

Thank you it worked

 

I appreciate your help a lot

 

I wish there is feedback in mailing list to give you 5/5 stars

:)

 

cheers

 

From: Yuri Voinov [mailto:yvoinov at gmail.com] 
Sent: Wednesday, November 11, 2015 1:04 PM
To: Ahmad Alzaeem
Cc: squid-users at lists.squid-cache.org
Subject: Re: [squid-users] cache peer only forward http , not https !!!

 

You need to locate URLs which must be forward to parent.

If this is all URL's, config must looks like this:

never_direct allow all
cache_peer <peer_ip> parent <peer_port> 0 no-query no-digest default
cache_peer_access 127.0.0.1 allow all

And, finally, you must use Squid 3.5.x. Thit will not be work on 3.4.x.

11.11.15 14:39, Ahmad Alzaeem пишет:

Here is what I mean 

[2.2.2-RELEASE][root at pfSense.mne <mailto:root at pfSense.mne> ]/root: tail -f /var/squid/logs/access.log 

1447234509.328   9718 172.23.101.251 TCP_MISS/200 1448 CONNECT tiles-cloudfront.cdn.mozilla.net:443 - HIER_DIRECT/54.192.55.248 -

1447234514.482   9622 172.23.101.251 TCP_MISS/200 1448 CONNECT shavar.services.mozilla.com:443 - HIER_DIRECT/54.187.101.179 -

1447234519.858  59952 172.23.101.251 TCP_MISS/503 0 CONNECT www.youtube.com:443 <http://www.youtube.com:443>  - HIER_NONE/- -

1447234560.135  71105 172.23.101.251 TCP_MISS/503 0 CONNECT incoming.telemetry.mozilla.org:443 - HIER_NONE/- -

1447234569.644  70033 172.23.101.251 TCP_MISS/503 0 CONNECT tiles-cloudfront.cdn.mozilla.net:443 - HIER_NONE/- -

1447234569.644  70033 172.23.101.251 TCP_MISS/503 0 CONNECT tiles-cloudfront.cdn.mozilla.net:443 - HIER_NONE/- -

1447234569.644  70033 172.23.101.251 TCP_MISS/503 0 CONNECT tiles-cloudfront.cdn.mozilla.net:443 - HIER_NONE/- -

1447234575.091  60607 172.23.101.251 TCP_MISS/503 0 CONNECT shavar.services.mozilla.com:443 - HIER_NONE/- -

1447234605.998  76379 172.23.101.251 TCP_MISS/503 0 CONNECT self-repair.mozilla.org:443 - HIER_NONE/- -

1447234651.018  75705 172.23.101.251 TCP_MISS/503 0 CONNECT safebrowsing.google.com:443 - HIER_NONE/- -

 

cheers

 

From: Yuri Voinov [mailto:yvoinov at gmail.com] 
Sent: Wednesday, November 11, 2015 12:49 AM
To: Ahmad Alzaeem
Cc: squid-users at lists.squid-cache.org; 'Amos Jeffries'
Subject: Re: [squid-users] cache peer only forward http , not https !!!

 


-----BEGIN PGP SIGNED MESSAGE----- 
Hash: SHA256 
 
Are you see in access.log ip:443 CONNECT records?

I.e., does your HTTPS traffic incoming to Squid?

11.11.15 1:45, Ahmad Alzaeem пишет:
> Hi I don’t have ssl pump




      >




      >  




      >




      > All my users user ip:port to have internet




      >




      >  




      >




      >  




      >




      > I already have ISA windows server and it works with http and

      https




      >




      >  




      >




      > Im wondering why all complexity needed for peer https 




      >




      > !!!




      >




      >  




      >




      >  




      >




      > Anyway hnere is squid.conf




      >




      >  




      >




      > # This file is automatically generated by pfSense




      >




      > # Do not edit manually !




      >




      >  




      >




      > http_port 172.23.101.253:3128




      >




      > icp_port 0




      >




      > dns_v4_first on




      >




      > pid_filename /var/run/squid/squid.pid




      >




      > cache_effective_user proxy




      >




      > cache_effective_group proxy




      >




      > error_default_language en




      >




      > icon_directory /usr/pbi/squid-amd64/local/etc/squid/icons




      >




      > visible_hostname mne




      >




      > cache_mgr azaeem at mne.ps <mailto:azaeem at mne.ps>   <mailto:azaeem at mne.ps> <mailto:azaeem at mne.ps> 
 

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20151111/1af04a5d/attachment.html>


More information about the squid-users mailing list