[squid-users] Squid 4.6 Transparent HTTP & HTTPS Proxy
dkanejs
dkanejs at gmail.com
Thu Mar 7 12:35:12 UTC 2019
Thanks for the reply, and apologies that my post didn't include the HTML fragments:
Configuration:
# Build-time options used for the Squid build discussed in this post.
# --with-openssl links Squid against OpenSSL; --enable-ssl-crtd builds the
# certificate-generation helper (none of the ssl_bump rules shown in this post
# bump, they only peek, splice or terminate).
# NOTE(review): --enable-ssl looks like the pre-3.5 spelling that --with-openssl
# replaced; it is presumably ignored here. Confirm with ./configure --help.
# --with-default-user=proxy sets the unprivileged account Squid runs as.
./configure \
--enable-ssl \
--enable-ssl-crtd \
--with-openssl \
--disable-arch-native \
--prefix=/usr \
--localstatedir=/var \
--sysconfdir=/etc/squid \
--libexecdir=/usr/lib/squid \
--datadir=/usr/share/squid \
--with-default-user=proxy \
--with-logdir=/var/log/squid \
--with-pidfile=/var/run/squid.pid
Squid configuration:
# squid.conf as posted: a plain listener on 3128 and a TLS intercept listener on 3129
# that peeks at the handshake and splices only allow-listed destinations.
visible_hostname squid
# NOTE(review): the iptables rules in this post REDIRECT port-80 traffic to 3128, but
# this port carries no "intercept" flag, so Squid handles it as a forward-proxy port.
# That would be consistent with the NONE/400 "GET /" lines in the access log; confirm.
http_port 3128
# Destination allow-list: example.com and its subdomains.
acl whitelist dstdomain .example.com
http_access allow whitelist
# The next four lines are ONE https_port directive that the mail archive wrapped;
# in squid.conf it has to sit on a single line.
# options= disables SSLv2, SSLv3, TLSv1.0, TLSv1.1 and session tickets on this listener;
# cipher= is an OpenSSL cipher string excluding the listed weak suites.
https_port 3129 cert=/etc/squid/squid.pem
options=NO_SSLv2,NO_SSLv3,NO_TLSv1,NO_TLSv1_1,NO_TICKET
cipher=HIGH:MEDIUM:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS
ssl-bump intercept
# NOTE(review): this admits a request to ANY destination on port 443, and nothing in
# this file restricts client source addresses (there is no src ACL). The access log in
# this post shows a client outside the 10.0.x.x range reaching the listener. Consider a
# src ACL for the expected client network and firewalling 3128/3129 from everything else.
acl SSL_port port 443
http_access allow SSL_port
# Defined but not referenced by any rule shown here.
acl CONNECT method CONNECT
# One ACL per SslBump processing step.
acl step1 at_step SslBump1
acl step2 at_step SslBump2
acl step3 at_step SslBump3
# The first matching rule wins at each step: peek at step 1 for every connection;
# at step 2 keep peeking only for allow-listed destinations and terminate the rest;
# at step 3 splice (tunnel without decrypting) the allow-listed ones.
# NOTE(review): "whitelist" is a dstdomain ACL; ssl::server_name is the ACL type meant
# for matching the TLS SNI. Confirm dstdomain matches as intended on intercepted traffic.
ssl_bump peek step1 all
ssl_bump peek step2 whitelist
ssl_bump splice step3 whitelist
ssl_bump terminate step2 all
# Default deny for anything not allowed above.
http_access deny all
coredump_dir /var/cache/squid/
iptables:
# NAT PREROUTING rules: redirect inbound TCP 80 to local port 3128 and TCP 443 to local
# port 3129 (the two Squid listeners in the configuration above). -I inserts each rule
# at the top of the chain.
# NOTE(review): there is no -i or -s match, so the rules apply to traffic arriving on any
# interface from any source. A Squid port that receives REDIRECTed traffic needs the
# "intercept" flag; 3129 has it in the posted config, 3128 does not.
iptables -t nat -I PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 3128
iptables -t nat -I PREROUTING -p tcp --dport 443 -j REDIRECT --to-port 3129
Access log:
1551954200.914 54 10.0.1.166 NONE_ABORTED/200 0 CONNECT
93.184.216.34:443 - HIER_NONE/- -
1551954214.370 0 10.0.1.166 NONE/400 3810 GET / - HIER_NONE/- text/html
1551954217.223 0 10.0.1.166 NONE/400 3810 GET / - HIER_NONE/- text/html
1551954256.558 0 10.0.1.166 NONE/400 3810 GET / - HIER_NONE/- text/html
1551954261.638 0 10.0.1.166 NONE/400 3810 GET / - HIER_NONE/- text/html
1551954273.516 215 10.0.1.166 NONE_ABORTED/200 0 CONNECT
93.184.216.34:443 - HIER_NONE/- -
1551954391.304 1 185.59.221.44 NONE_ABORTED/200 0 CONNECT
10.0.0.151:443 - HIER_NONE/- -
1551954395.346 0 185.59.221.44 NONE_ABORTED/200 0 CONNECT
10.0.0.151:443 - HIER_NONE/- -
1551954398.938 0 185.59.221.44 NONE_ABORTED/200 0 CONNECT
10.0.0.151:443 - HIER_NONE/- -
Thanks again,
David
--
Sent from: http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-Users-f1019091.html