|
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 I'm probably a little misled. The fact that my configuration is a proxy with a bump. What complicates the task. In the case of conventional non-transparent proxy no tricks are usually not required except that it is necessary to enforce drive of the encrypted traffic to the proxy. 10.11.15 23:18, Ahmad Alzaeem пишет: > Thank you , > > > > Can you just guide me for the https peer directive plz ? > > I can take care of https intercept > > > > So with http , we have directive cache_peer 10.12.0.32 parent 8080 0 no-query no-digest > > > > As ok > > > > Now what about https directive ? > > Can u help me > > > > Thanks a lot a lot a lot for your help > > > > cheers > > > > > > From: squid-users [mailto:squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx] On Behalf Of Yuri Voinov > Sent: Tuesday, November 10, 2015 8:49 PM > To: squid-users@xxxxxxxxxxxxxxxxxxxxx > Subject: Re: cache peer only forward http , not https !!! > > > > > 1. You need to configure Squid with SSL Bump to capture HTTPS traffic. > 2. You need to configure forwarded requests with splice/no bump. :) > > 10.11.15 22:42, Ahmad Alzaeem пишет: > > Hi Guys I want proxy and I > > want it to forward http & https to remote proxy > > > > > > > > > > > > > > > > > Does the command below enogh ? > > > > > > > > > > > > > > > > > cache_peer 10.12.0.32 parent 8080 0 no-query no-digest > > no-tproxy > > > > > proxy-only > No. > > > > > > > > > > > > > > > > > > or I need to add other line for https ?? > No. > > > > > > > > > > > > > > > > > > BTW the command line above work only for http not for https > Sure. > > > > > > > > > > > > > > > > > > Any help ? > > *** DISCLAMER: THIS IS MY OWN CONFIG SNIPPET. DON'T BLIND COPY-N-PASTE IT IN YOUR ENVIRONMENT! *** > > # Privoxy+Tor acl > acl tor_url dstdom_regex "C:/Squid/etc/squid/url.tor" > > # SSL bump rules > sslproxy_cert_error allow all > acl DiscoverSNIHost at_step SslBump1 > ssl_bump peek DiscoverSNIHost > acl NoSSLIntercept ssl::server_name_regex -i "C:/Squid/etc/squid/url.nobump" > acl NoSSLIntercept ssl::server_name_regex -i "C:/Squid/etc/squid/url.tor" > ssl_bump splice NoSSLIntercept > ssl_bump bump all > > # Privoxy+Tor access rules > never_direct allow tor_url > > # Local Privoxy is cache parent > cache_peer 127.0.0.1 parent 8118 0 no-query no-digest default > > cache_peer_access 127.0.0.1 allow tor_url > cache_peer_access 127.0.0.1 deny all > > As you can see, this is just example. The idea described with first two lines of my answer above. > This snippet works for torified sites described in tor_url acl. > NB: I do not guarantee this will work on your environment! > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > _______________________________________________ > > > > > squid-users mailing list > > > > > squid-users@xxxxxxxxxxxxxxxxxxxxx <mailto:squid-users@xxxxxxxxxxxxxxxxxxxxx> > > > > > http://lists.squid-cache.org/listinfo/squid-users > > > -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAEBCAAGBQJWQjewAAoJENNXIZxhPexGIdcH/Rf/cWyQd0iOxDOe2ICKLe3j TEAeDl3kRPZ0tBER2EUgUScgTPYrUycQKNQ6FFX59pZMhekyWihsQoyG4o5Kr+GF VjISK4RGGm3u9nma5uX4ksz1EcxRkfW+fdR+qfQvz4mjH22vC8Y2sC6IzogekwoJ GSkP7QLWGAKJgJzmy7edsNUFkSXdKKxmmItL5ZfEIoc+f4zRLg7czfL1/D9Kh1Pt YsSCJtTbb5k6H/IGgQmIxBYjDMsG04VoVjHjqgVTmb+8tcmScwxnHiBpn97AtepY 1oj5TnizKqCIgsUQeb/yi71l7JXl+9JskLrOMsca27h67woz2aA0FSJ4BlBBd/M= =CD0W -----END PGP SIGNATURE----- |
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
