Hi

I don't have SSL bump.
All my users use ip:port to have internet.

I already have ISA Windows Server and it works with http and https.

I'm wondering why all this complexity is needed for peer https !!!

Anyway, here is squid.conf:

# This file is automatically generated by pfSense
# Do not edit manually !
http_port 172.23.101.253:3128
icp_port 0
dns_v4_first on
pid_filename /var/run/squid/squid.pid
cache_effective_user proxy
cache_effective_group proxy
error_default_language en
icon_directory /usr/pbi/squid-amd64/local/etc/squid/icons
visible_hostname mne
cache_mgr azaeem@xxxxxx
access_log /var/squid/logs/access.log
cache_log /var/squid/logs/cache.log
cache_store_log none
netdb_filename /var/squid/logs/netdb.state
pinger_enable off
pinger_program /usr/pbi/squid-amd64/local/libexec/squid/pinger

logfile_rotate 2
debug_options rotate=2
shutdown_lifetime 3 seconds
# Allow local network(s) on interface(s)
acl localnet src 172.23.101.0/24
forwarded_for off
via off
httpd_suppress_version_string on
uri_whitespace strip

acl dynamic urlpath_regex cgi-bin \?
cache deny dynamic

cache_mem 64 MB
maximum_object_size_in_memory 256 KB
memory_replacement_policy heap GDSF
cache_replacement_policy heap LFUDA
minimum_object_size 0 KB
maximum_object_size 4 MB
cache_dir ufs /var/squid/cache 100 16 256
offline_mode off
cache_swap_low 90
cache_swap_high 95
cache allow all

# Add any of your own refresh_pattern entries above these.
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320

#Remote proxies

# Setup some default acls
# From 3.2 further configuration cleanups have been done to make things easier and safer.
# The manager, localhost, and to_localhost ACL definitions are now built-in.
# acl localhost src 127.0.0.1/32
acl allsrc src all
acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901 3128 3127 1025-65535
acl sslports port 443 563

# From 3.2 further configuration cleanups have been done to make things easier and safer.
# The manager, localhost, and to_localhost ACL definitions are now built-in.
#acl manager proto cache_object

acl purge method PURGE
acl connect method CONNECT

# Define protocols used for redirects
acl HTTP proto HTTP
acl HTTPS proto HTTPS
http_access allow manager localhost

http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !safeports
http_access deny CONNECT !sslports

# Always allow localhost connections
# From 3.2 further configuration cleanups have been done to make things easier and safer.
# The manager, localhost, and to_localhost ACL definitions are now built-in.
# http_access allow localhost

request_body_max_size 0 KB
delay_access 1 allow allsrc

# Reverse Proxy settings

# Custom options before auth
dns_nameservers 8.8.8.8 10.12.0.33
cache_peer 10.12.0.32 parent 80 0 no-query no-digest no-tproxy proxy-only

# Setup allowed acls
# Allow local network(s) on interface(s)
http_access allow localnet
# Default block all to be sure
http_access deny allsrc

cheers

From: Yuri Voinov [mailto:yvoinov@xxxxxxxxx]
> > Can you just guide me for the https peer directive plz ?
> > I can take care of https intercept
> >
> > So with http , we have directive cache_peer 10.12.0.32 parent 8080 0 no-query no-digest
> >
> > As ok
> >
> > Now what about https directive ?
> > Can u help me
> >
> > Thanks a lot a lot a lot for your help
> >
> > cheers
> >
> From: squid-users [mailto:squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx] On Behalf Of Yuri Voinov
> Sent: Tuesday, November 10, 2015 8:49 PM
> To: squid-users@xxxxxxxxxxxxxxxxxxxxx
> Subject: Re: cache peer only forward http , not https !!!
>
> 1. You need to configure Squid with SSL Bump to capture HTTPS traffic.
> 2. You need to configure forwarded requests with splice/no bump. :)
>
> 10.11.15 22:42, Ahmad Alzaeem wrote:
> > Hi Guys I want proxy and I
> > want it to forward http & https to remote proxy
> >
> > Is the command below enough ?
> >
> > cache_peer 10.12.0.32 parent 8080 0 no-query no-digest no-tproxy proxy-only
> No.
> >
> > or I need to add other line for https ??
> No.
> >
> > BTW the command line above works only for http not for https
> Sure.
> >
> > Any help ?
>
> *** DISCLAIMER: THIS IS MY OWN CONFIG SNIPPET. DON'T BLINDLY COPY-N-PASTE IT IN YOUR ENVIRONMENT! ***
>
> # Privoxy+Tor acl
> acl tor_url dstdom_regex "C:/Squid/etc/squid/url.tor"
>
> # SSL bump rules
> sslproxy_cert_error allow all
> acl DiscoverSNIHost at_step SslBump1
> ssl_bump peek DiscoverSNIHost
> acl NoSSLIntercept ssl::server_name_regex -i "C:/Squid/etc/squid/url.nobump"
> acl NoSSLIntercept ssl::server_name_regex -i "C:/Squid/etc/squid/url.tor"
> ssl_bump splice NoSSLIntercept
> ssl_bump bump all
>
> # Privoxy+Tor access rules
> never_direct allow tor_url
>
> # Local Privoxy is cache parent
> cache_peer 127.0.0.1 parent 8118 0 no-query no-digest default
>
> cache_peer_access 127.0.0.1 allow tor_url
> cache_peer_access 127.0.0.1 deny all
>
> As you can see, this is just an example. The idea is described in the first two lines of my answer above.
> This snippet works for torified sites described in tor_url acl.
> NB: I do not guarantee this will work on your environment!
>
> > _______________________________________________
> > squid-users mailing list
> > squid-users@xxxxxxxxxxxxxxxxxxxxx <mailto:squid-users@xxxxxxxxxxxxxxxxxxxxx>
> > http://lists.squid-cache.org/listinfo/squid-users
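As an added example (not part of the thread and not Squid's own tooling), here is a small Python check run over excerpts of the two configurations posted above. It reports whether anything forces requests to the cache_peer parent, since Squid's documented default (nonhierarchical_direct on) sends non-cacheable requests such as CONNECT direct unless never_direct or nonhierarchical_direct off says otherwise, and whether sslproxy_cert_error allow all bypasses upstream certificate validation. The function names and finding codes are made up for this example.

```python
def parse_directives(conf_text):
    """Return (name, args) for each non-comment, non-blank squid.conf line."""
    pairs = []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#"):
            name, *args = line.split()
            pairs.append((name, args))
    return pairs


def audit_peer_forwarding(conf_text):
    """Return finding codes about peer routing and upstream TLS validation."""
    d = parse_directives(conf_text)
    parents = [a[0] for n, a in d if n == "cache_peer" and a[1:2] == ["parent"]]
    forced = [a[1:] for n, a in d if n == "never_direct" and a[:1] == ["allow"]]
    nonhier_off = any(n == "nonhierarchical_direct" and a[:1] == ["off"] for n, a in d)
    findings = []
    if parents and not nonhier_off:
        if not forced:
            # Default nonhierarchical_direct on: CONNECT and other
            # non-cacheable requests are sent direct, not to the parent.
            findings.append("CONNECT_MAY_BYPASS_PEER")
        elif not any("all" in acls for acls in forced):
            # Only the listed ACLs are forced to the parent (built-in "all" absent).
            findings.append("PEER_FORCED_ONLY_FOR_SOME_ACLS")
    if any(n == "sslproxy_cert_error" and a[:2] == ["allow", "all"] for n, a in d):
        # Server certificate validation errors are bypassed for every site.
        findings.append("UPSTREAM_CERT_ERRORS_IGNORED")
    return findings


# Excerpts of the two configurations posted in this thread.
AHMAD_CONF = """
http_port 172.23.101.253:3128
acl sslports port 443 563
acl connect method CONNECT
http_access deny CONNECT !sslports
cache_peer 10.12.0.32 parent 80 0 no-query no-digest no-tproxy proxy-only
"""
YURI_CONF = """
sslproxy_cert_error allow all
ssl_bump bump all
never_direct allow tor_url
cache_peer 127.0.0.1 parent 8118 0 no-query no-digest default
"""

if __name__ == "__main__":
    for label, conf in (("pfSense config", AHMAD_CONF), ("bump snippet", YURI_CONF)):
        print(label, audit_peer_forwarding(conf))
```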