[squid-users] How to setup a secure(!) squid proxy
Amos Jeffries
squid3 at treenet.co.nz
Wed Jan 13 10:19:21 UTC 2016
On 13/01/2016 10:16 p.m., startrekfan wrote:
> Hello
>
> I need to setup a squid 3 proxy with https bumping. Unfortunately I'm not
> very familiar with squid and https in general.
>
> I already perfomed the following steps:
>
> *1.) compile from source*
> ./configure --with-openssl --enable-ssl-crtd
> make
> make install
You now have Squid pieces installed in the BSD default locations.
>
> *2.) configuration (http)*
> I used this guide: https://help.ubuntu.com/community/Squid
>
Is this an Ubuntu system? if not the Ubuntu advice will be wrong.
At the very least the advice to start installing Squid with "apt-get
install apache2" is wrong.
> *3.) configuration (https)*
> I used this guide: http://wiki.squid-cache.org/ConfigExamp ... mpExplicit
huh? what URL was that supposed to be?
>
> The server is now working for http and https, but is the server secure, too?
>
> Is the default config already secure or do I need to configure additional
> security features? (e.g. things like cert validation, cert pinning, [dont
> know what's importend], ...)
>
The default squid.conf perfoms HTTP securely. Without HTTPS. What your
config does nobody can say without seeing what it is.
Amos
More information about the squid-users
mailing list