Re: cache peer only forward http , not https !!!

You just have to remember the first two lines of my previous mail.

You need to configure Squid with SSL Bump to capture HTTPS traffic. Or, of course, you can configure your Squid as a non-transparent forwarding proxy. All you need:

Your Squid must see the HTTPS traffic in some way. Either with SSL Bump, or just tunneling (forwarding proxy).

and, finally:

3. You don't need any special directives for cache_peer with https.

10.11.15 23:18, Ahmad Alzaeem wrote:
> Thank you,
>
> Can you just guide me for the https peer directive plz ?
> I can take care of https intercept
>
> So with http, we have directive cache_peer 10.12.0.32  parent 8080  0 no-query no-digest
> As ok
>
> Now what about https directive ?
> Can u help me
>
> Thanks a lot a lot a lot for your help
>
> cheers
>
> From: squid-users [mailto:squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx] On Behalf Of Yuri Voinov
> Sent: Tuesday, November 10, 2015 8:49 PM
> To: squid-users@xxxxxxxxxxxxxxxxxxxxx
> Subject: Re: cache peer only forward http , not https !!!
>
> 1. You need to configure Squid with SSL Bump to capture HTTPS traffic.
> 2. You need to configure forwarded requests with splice/no bump. :)
>
> 10.11.15 22:42, Ahmad Alzaeem wrote:
> > Hi Guys I want proxy and I want it to forward http & https to remote proxy
> >
> > Does the command below enough ?
> >
> > cache_peer 10.12.0.32  parent 8080  0 no-query no-digest no-tproxy proxy-only
> No.
>
> > or I need to add other line for https ??
> No.
>
> > BTW the command line above work only for http not for https
> Sure.
>
> > Any help ?
>
> *** DISCLAIMER: THIS IS MY OWN CONFIG SNIPPET. DON'T BLINDLY COPY-N-PASTE IT IN YOUR ENVIRONMENT! ***
>
> # Privoxy+Tor acl
> acl tor_url dstdom_regex "C:/Squid/etc/squid/url.tor"
>
> # SSL bump rules
> sslproxy_cert_error allow all
> acl DiscoverSNIHost at_step SslBump1
> ssl_bump peek DiscoverSNIHost
> acl NoSSLIntercept ssl::server_name_regex -i "C:/Squid/etc/squid/url.nobump"
> acl NoSSLIntercept ssl::server_name_regex -i "C:/Squid/etc/squid/url.tor"
> ssl_bump splice NoSSLIntercept
> ssl_bump bump all
>
> # Privoxy+Tor access rules
> never_direct allow tor_url
>
> # Local Privoxy is cache parent
> cache_peer 127.0.0.1 parent 8118 0 no-query no-digest default
>
> cache_peer_access 127.0.0.1 allow tor_url
> cache_peer_access 127.0.0.1 deny all
>
> As you can see, this is just an example. The idea is described in the first two lines of my answer above.
> This snippet works for torified sites described in the tor_url acl.
> NB: I do not guarantee this will work in your environment!

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
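
Added example, not part of the original thread: a minimal squid.conf sketch of the second option named in the reply above, an explicit (non-transparent) forwarding proxy that relays both HTTP requests and HTTPS CONNECT tunnels to the parent using the one cache_peer line from the thread. The listening port, the client network 192.0.2.0/24 and the ACL names are assumptions for illustration.

```squidconf
# Added example (not from the thread). Explicit forward proxy: clients are
# configured to use this Squid, so HTTPS arrives as CONNECT host:443 requests
# and no ssl_bump rules are involved; TLS stays end-to-end.

# Assumed listening port for client browsers
http_port 3128

# Assumed client network (placeholder range) and the usual CONNECT guard
acl localnet src 192.0.2.0/24
acl SSL_ports port 443
acl CONNECT method CONNECT

# Refuse tunnels to anything but port 443, then allow only the known clients
http_access deny CONNECT !SSL_ports
http_access allow localnet
http_access deny all

# The parent from the thread; the same line serves HTTP and CONNECT
cache_peer 10.12.0.32 parent 8080 0 no-query no-digest default

# Never contact origin servers directly: every request, CONNECT included,
# is relayed to the parent (and fails if the parent is unreachable)
never_direct allow all
```

Check the syntax with squid -k parse before reloading the configuration.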
