|
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 I think, we need to take a look on your squid.conf first. 10.11.15 23:18, Ahmad Alzaeem пишет: > Thank you , > > > > Can you just guide me for the https peer directive plz ? > > I can take care of https intercept > > > > So with http , we have directive cache_peer 10.12.0.32 parent 8080 0 no-query no-digest > > > > As ok > > > > Now what about https directive ? > > Can u help me > > > > Thanks a lot a lot a lot for your help > > > > cheers > > > > > > From: squid-users [mailto:squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx] On Behalf Of Yuri Voinov > Sent: Tuesday, November 10, 2015 8:49 PM > To: squid-users@xxxxxxxxxxxxxxxxxxxxx > Subject: Re: cache peer only forward http , not https !!! > > > > > 1. You need to configure Squid with SSL Bump to capture HTTPS traffic. > 2. You need to configure forwarded requests with splice/no bump. :) > > 10.11.15 22:42, Ahmad Alzaeem пишет: > > Hi Guys I want proxy and I > > want it to forward http & https to remote proxy > > > > > > > > > > > > > > > > > Does the command below enogh ? > > > > > > > > > > > > > > > > > cache_peer 10.12.0.32 parent 8080 0 no-query no-digest > > no-tproxy > > > > > proxy-only > No. > > > > > > > > > > > > > > > > > > or I need to add other line for https ?? > No. > > > > > > > > > > > > > > > > > > BTW the command line above work only for http not for https > Sure. > > > > > > > > > > > > > > > > > > Any help ? > > *** DISCLAMER: THIS IS MY OWN CONFIG SNIPPET. DON'T BLIND COPY-N-PASTE IT IN YOUR ENVIRONMENT! *** > > # Privoxy+Tor acl > acl tor_url dstdom_regex "C:/Squid/etc/squid/url.tor" > > # SSL bump rules > sslproxy_cert_error allow all > acl DiscoverSNIHost at_step SslBump1 > ssl_bump peek DiscoverSNIHost > acl NoSSLIntercept ssl::server_name_regex -i "C:/Squid/etc/squid/url.nobump" > acl NoSSLIntercept ssl::server_name_regex -i "C:/Squid/etc/squid/url.tor" > ssl_bump splice NoSSLIntercept > ssl_bump bump all > > # Privoxy+Tor access rules > never_direct allow tor_url > > # Local Privoxy is cache parent > cache_peer 127.0.0.1 parent 8118 0 no-query no-digest default > > cache_peer_access 127.0.0.1 allow tor_url > cache_peer_access 127.0.0.1 deny all > > As you can see, this is just example. The idea described with first two lines of my answer above. > This snippet works for torified sites described in tor_url acl. > NB: I do not guarantee this will work on your environment! > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > _______________________________________________ > > > > > squid-users mailing list > > > > > squid-users@xxxxxxxxxxxxxxxxxxxxx <mailto:squid-users@xxxxxxxxxxxxxxxxxxxxx> > > > > > http://lists.squid-cache.org/listinfo/squid-users > > > -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAEBCAAGBQJWQjqaAAoJENNXIZxhPexGHLsH/A8M2GrcOrOTu+k4+iRHhH21 q0muY8vTpdGW6/keFek7r/df05NF8NJ4rg1a+j/RRFtdy0NEJWf663Xhg3Z5UT7K 6tLqF/8kjW0u3osuD6BCxjvWIe1elGJKIdBlBbIukIiK50ErdPBbAF26g4wdS1RG hMQHDWjbZsBPSuhKDYWgGoddpozVUWrnMRM/YSY98LgnC738fUzJgWUXR0pjsF1p EgkYPrawkkUzbJ6SqQA2MFZuQyqPl3nNYFvQVnwg9sGqrKU2f+cy/hv0Mj0O0rjI 7Gs7kHI9fT63dmkkiFDsaw6yRDXRak1qrb7htHoNkbrPrVm7eVXMTUy5ukWawOA= =okeQ -----END PGP SIGNATURE----- |
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
