for SSL inception, SSLBump is required:
http://wiki.squid-cache.org/Features/SslBump
This a bit complex to setup. SSL inception is not really good idea to
implement.. I think it will not work with upstream proxy also.
--
Eero
2016-10-29 22:37 GMT+03:00 paul.greene.va <paul.greene.va@xxxxxxxxxxx>:
> I'm having issues getting squid to send traffic through a specific
> upstream gateway.
>
> I need for a MS WSUS server and a Symantec Endpoint Protection Manager to
> get through a squid proxy to get out to Microsoft and Symantec respectively
> to get MS patches and Symantec DAT files.
>
> The traffic needs to go through the squid proxy, through a firewall, and
> through an upstream McAfee gateway server. If it tries to take a path
> different than that upstream gateway to get out to the internet, it'll get
> dropped.
>
> However, once the traffic goes through the proxy, it tries to go directly
> to the vendor website and not go through the McAfee gateway, and therefore
> is getting blocked by the firewall. The traffic never reaches the McAfee
> gateway.
>
> If I configure a browser to use the proxy server and browse to some
> websites, it can get to http sites, but not https sites. Port 443 is what
> isn't getting through.
>
> I thought this line in squid.conf was supposed to send the traffic to an
> upstream cache_peer parent gateway, but I could easily be misunderstanding
> what its supposed to do. (I'm pretty new with squid)
>
> cache_peer <upstream gateway IP address> parent 8080 3130
> proxy-only no-query no-netdb-exchange default login=<username>:<password>
>
> The Safe_ports and SSL_ports is the squid.conf default settings, and
> include both port 443 and port 80 traffic
>
> Thanks,
>
> PG
>
> _______________________________________________
> CentOS mailing list
> CentOS@xxxxxxxxxx
> https://lists.centos.org/mailman/listinfo/centos
>
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
