[squid-users] How to setup a secure(!) squid proxy

startrekfan startrekfan75 at freenet.de
Mon Jan 18 07:07:28 UTC 2016


Just talked to the debian guys. They won't upgrade squid to 3.5 in
debian jessi. It's also hard for me, to implement unstable components
in a productive system.

But the debian guys told me, that they will build own patches for
3.4.8 to fix critical problems if you report them properly to

https://packages.qa.debian.org/s/squid3.html or

security at debian.org


I hope/think you already do. So I think 3.4.8 should work for me as well.


>* Hello
*>>* I`m sorry. I'm not a native speaker so I maybe don't find the right words.
*>>* I'd like to setup a proxy that can scan the incoming traffic for virus
*>* (squidclamav). To do that for a https/ssl connection I need the squid
*>* ssl-bump feature or is there an other solution?
*>>* Now I want to setup the ssl-bump feature as safe as using no ssl-bump.
*>* Is this possible with squid 3.4? (Of course every one who has my CA
*>* cert can decrypt the traffic, but I keep it safe.)
*>* Squid is communicating with the remote server(webserver). I'd like to
*>* have at least this communication as safe as using a normal browser.
*>>* Does squid 3.4 do all the necessary steps like checking the
*>* certificate validity? What about advanced features like cert pinning?
*I don't think 3.4 is enough. May be 3.5 or higher.
>>* How do I configure ssl virus scanning? Are this steps enough:
*>* http://wiki.squid-cache.org/ConfigExamples/Intercept/SslBumpExplicit
<http://wiki.squid-cache.org/ConfigExamples/Intercept/SslBumpExplicit>
*http://wiki.squid-cache.org/ConfigExamples/ContentAdaptation/C-ICAP
>>* Thank you again :)
*>>>* _______________________________________________
*>* squid-users mailing list
*>* squid-users at lists.squid-cache.org
<http://lists.squid-cache.org/listinfo/squid-users>
*>* http://lists.squid-cache.org/listinfo/squid-users
<http://lists.squid-cache.org/listinfo/squid-users>
*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20160118/ad2b2238/attachment.html>


More information about the squid-users mailing list