On 26/06/2015 2:36 a.m., Mike wrote: > Amos, thanks for info. > > The primary settings being used in squid.conf: > > http_port 8080 > # this port is what will be used for SSL Proxy on client browser > http_port 8081 intercept > > https_port 8082 intercept ssl-bump connection-auth=off > generate-host-certificates=on dynamic_cert_mem_cache_size=16MB > cert=/etc/squid/ssl/squid.pem key=/etc/squid/ssl/squid.key > cipher=ECDHE-RSA-RC4-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:DHE-RSA-CAMELLIA128-SHA:AES128-SHA:RC4-SHA:HIGH:!aNULL:!MD5:!ADH > > > sslcrtd_program /usr/lib64/squid/ssl_crtd -s /var/lib/squid_ssl_db -M 16MB > sslcrtd_children 50 startup=5 idle=1 > ssl_bump server-first all > ssl_bump none localhost > > > Then e2guardian uses 10101 for the browsers, and uses 8080 for > connecting to squid on the same server. Doesn;t matter. Due to TLS security requirements Squid ensures the TLS connection in re-encrypted on outgoing. I am doubtful eth nord works anymore since Googles own documentation for schools states that one must install a MITM proxy that does the traffic filtering - e2guardian is not one of those. IMO you should convert your e2guardian config into Squid ACL rules that can be applied to the bumped traffic without forcing http:// But if nord does work, so should the deny_info in Squid. Something like this probably: acl google dstdomain .google.com deny_info 301:http://%H%R?nord=1 google acl GwithQuery urlpath_regex ? deny_info 301:http://%H%R&nord=1 GwithQuery http_access deny google Gquery http_access deny google Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
