[squid-users] Hint for howto wanted ...
Walter H.
Walter.H at mathemainzel.info
Mon Nov 28 04:42:11 UTC 2016
Hello,
yes I have full control of all three proxies, both local proxies and
remote proxy; and in my LAN I use static IP addresses;
cache_peer_access remote-proxy allow remote-domains <-- this is
neccessary because a few domains
have geo location restrictions which are bypassed with this
cache_peer_access remote-proxy allow tv-device <-- but this sends
anything from the TV there,
even requests that should be blocked ...
(selective doesn't work)
the proxy that is used by the clients is a squid 3.1.23, the one that is
remote is a 3.4.14 and the local parent proxy is a 3.5.20
Thanks,
Walter
On 28.11.2016 04:40, Eliezer Croitoru wrote:
> A question that will simplify things:
> Are you full in control of the remote and the local proxy?
> If so you can create a tunnel from the local gateway to the remote squid and
> pass the web traffic in the routing level.
> This way you would be able to intercept port 80 on the remote proxy and if
> required also BUMP the ip addresses you want.
>
> If you have static IP addresses you would probably be able to decide which
> of the clients you will bump or not.
> I think that TV in general in the form I know of needs filtering since not
> everything there you will want anyone to see.
> But again maybe in your area TV is something else then in mine.
>
> If you need more help let me know.
>
> Eliezer
>
> ----
> Eliezer Croitoru
> Linux System Administrator
> Mobile: +972-5-28704261
> Email: eliezer at ngtech.co.il
>
>
> -----Original Message-----
> From: squid-users [mailto:squid-users-bounces at lists.squid-cache.org] On
> Behalf Of Walter H.
> Sent: Sunday, November 27, 2016 19:17
> To: squid-users at lists.squid-cache.org
> Subject: [squid-users] Hint for howto wanted ...
>
> Hello,
>
> I've got a special problem ...
>
> I have several devices in my LAN:
> - PCs, Notebooks
> - a Tablet-PC
> - a Smartphone
> - a Television
>
> on my LAN I've two squids as VMs on my PC (both are CentOS 6)
>
> I also have a virtual server (a CentOS 6, too) at a webhoster in a
> different country, which I have configured as a proxy (squid) only for me
> besides the web service;
>
> /etc/squid/squid.conf of the main proxy, which is used as proxy by the
> clients has this ...
>
> acl tv-device src ip-of-tv
>
> cache_peer parentproxy.local parent 3128 0
> name=local-proxy proxy-only no-digest default cache_peer
> virtualserver-at-webhoster parent 3128 0 name=remote-proxy proxy-only
> no-digest
>
> acl remote-domains dstdomain "/etc/squid/remote-domains-acl.squid"
>
> cache_peer_access remote-proxy allow remote-domains cache_peer_access
> remote-proxy allow tv-device cache_peer_access remote-proxy deny all
>
> cache_peer_access local-proxy allow !tv-device
>
> this proxy and the one at the webhoster don't do SSL-bump, only the parent
> proxy does ...
> at the moment only the parentproxy.local does filtering and blocks unwandted
> IPs, hosts, ...
>
> what is the easiest way to do smart filtering for the tv-device, as this
> doesn't use parentproxy.local at all ...
> do I really have to do smart filtering on both, the one at the hoster (plus
> SSL bump) and the parentproxy that already does?
>
> Thanks,
> Walter
>
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3827 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20161128/1d79b1aa/attachment-0001.bin>
More information about the squid-users
mailing list