Search squid archive

Re: cache peer only forward http , not https !!!

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Thank you ,

 

Can you just guide me for the https peer directive plz ?

I can take care of https intercept

 

So with http , we have directive cache_peer 10.12.0.32  parent 8080  0 no-query no-digest

 

As ok

 

Now what about https directive ?

Can u help me

 

Thanks a lot a lot a lot for your help

 

cheers

 

 

From: squid-users [mailto:squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx] On Behalf Of Yuri Voinov
Sent: Tuesday, November 10, 2015 8:49 PM
To: squid-users@xxxxxxxxxxxxxxxxxxxxx
Subject: Re: cache peer only forward http , not https !!!

 


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
 
1. You need to configure Squid with SSL Bump to capture HTTPS traffic.
2. You need to configure forwarded requests with splice/no bump. :)

10.11.15 22:42, Ahmad Alzaeem пишет:
> Hi Guys I want proxy  and I

      want it to forward http & https to remote proxy

      >

      > 

      >

      > Does the command below enogh ?

      >

      > 

      >

      > cache_peer 10.12.0.32  parent 8080  0 no-query no-digest

      no-tproxy

      > proxy-only
No.
>

      >

      > 

      >

      > or I need to add other line for https ??
No.
>

      >

      > 

      >

      > BTW the command line above work only for http not for https
Sure.
>

      >

      > 

      >

      > Any help ?

*** DISCLAMER: THIS IS MY OWN CONFIG SNIPPET. DON'T BLIND COPY-N-PASTE IT IN YOUR ENVIRONMENT! ***

# Privoxy+Tor acl
acl tor_url dstdom_regex "C:/Squid/etc/squid/url.tor"

# SSL bump rules
sslproxy_cert_error allow all
acl DiscoverSNIHost at_step SslBump1
ssl_bump peek DiscoverSNIHost
acl NoSSLIntercept ssl::server_name_regex -i "C:/Squid/etc/squid/url.nobump"
acl NoSSLIntercept ssl::server_name_regex -i "C:/Squid/etc/squid/url.tor"
ssl_bump splice NoSSLIntercept
ssl_bump bump all

# Privoxy+Tor access rules
never_direct allow tor_url

# Local Privoxy is cache parent
cache_peer 127.0.0.1 parent 8118 0 no-query no-digest default

cache_peer_access 127.0.0.1 allow tor_url
cache_peer_access 127.0.0.1 deny all

As you can see, this is just example. The idea described with first two lines of my answer above.
This snippet works for torified sites described in tor_url acl.
NB: I do not guarantee this will work on your environment!

>

      >

      > 

      >

      > 

      >

      >

     >

      >

      > _______________________________________________

      > squid-users mailing list

      > squid-users@xxxxxxxxxxxxxxxxxxxxx

      > http://lists.squid-cache.org/listinfo/squid-users

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
 
iQEcBAEBCAAGBQJWQi4dAAoJENNXIZxhPexG0SEH/jjiJogO+BkgsjCLjt394UQ6
0qniwV6kBg9daS/3AWrLE3VizP8LnsHwLo3EQi/hdcuY0QPZUwablWt0emGlkZ/w
EnUUeyuZwqV9EP2z+I3apwg49E9vVV/dv6+HJSkorj0ibMlTPvdT4nMKr/zywnp7
fLmyQ8Gfn418g8+SHcQvouHFGRRecLjLi/B9OjdsT29O0tpH628Spv5+JYBzGrqh
FulBz6tzRLpE8W3JHMJjSXEuXbjeI8F2TVPd23g0TeBQaNMKAJwR9qPiYBgBJBhW
9Wk45ccPcwFHxZJgVZCkfj0SHVvnNX3A7tCwldQNFh9DveKtobRJTntMGqljwWI=
=dgIc
-----END PGP SIGNATURE-----

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users

[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux