Hi im using pfsense with cache peer Squid version is 3.4.10 I have peer proxy on port 80 and I can use it with http and https Now if I use pfsense in the middle and let pfsense go to remote proxy (10.12.0.32 port 80 ) And I get internt from the pfsense proxy I only have http websites working !!! But https websites don’t work Any help ? Here is my pfsnese config : # This file is automatically generated by pfSense # Do not edit manually ! http_port 172.23.101.253:3128 icp_port 0 dns_v4_first on pid_filename /var/run/squid/squid.pid cache_effective_user proxy cache_effective_group proxy error_default_language en icon_directory /usr/pbi/squid-amd64/local/etc/squid/icons visible_hostname mne cache_mgr azaeem@xxxxxx access_log /var/squid/logs/access.log cache_log /var/squid/logs/cache.log cache_store_log none netdb_filename /var/squid/logs/netdb.state pinger_enable off pinger_program /usr/pbi/squid-amd64/local/libexec/squid/pinger logfile_rotate 2 debug_options rotate=2 shutdown_lifetime 3 seconds # Allow local network(s) on interface(s) acl localnet src 172.23.101.0/24 forwarded_for off via off httpd_suppress_version_string on uri_whitespace strip acl dynamic urlpath_regex cgi-bin ? cache deny dynamic cache_mem 64 MB maximum_object_size_in_memory 256 KB memory_replacement_policy heap GDSF cache_replacement_policy heap LFUDA minimum_object_size 0 KB maximum_object_size 4 MB cache_dir ufs /var/squid/cache 100 16 256 offline_mode off cache_swap_low 90 cache_swap_high 95 cache allow all # Add any of your own refresh_pattern entries above these. refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern -i (/cgi-bin/|?) 0 0% 0 refresh_pattern . 0 20% 4320 #Remote proxies # Setup some default acls # From 3.2 further configuration cleanups have been done to make things easier and safer. The manager, localhost, and to_localhost ACL definitions are now built-in. # acl localhost src 127.0.0.1/32 acl allsrc src all acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901 3128 3127 1025-65535 acl sslports port 443 563 # From 3.2 further configuration cleanups have been done to make things easier and safer. The manager, localhost, and to_localhost ACL definitions are now built-in. #acl manager proto cache_object acl purge method PURGE acl connect method CONNECT # Define protocols used for redirects acl HTTP proto HTTP acl HTTPS proto HTTPS http_access allow manager localhost http_access deny manager http_access allow purge localhost http_access deny purge http_access deny !safeports http_access deny CONNECT !sslports # Always allow localhost connections # From 3.2 further configuration cleanups have been done to make things easier and safer. # The manager, localhost, and to_localhost ACL definitions are now built-in. # http_access allow localhost request_body_max_size 0 KB delay_access 1 allow allsrc # Reverse Proxy settings # Custom options before auth dns_nameservers 8.8.8.8 10.12.0.33 cache_peer 10.12.0.32 parent 80 0 no-query no-digest no-tproxy proxy-only # Setup allowed acls # Allow local network(s) on interface(s) http_access allow localnet # Default block all to be sure http_access deny allsrc cheers |
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
