Sorry for my bad English.
When I define 216.55.x.x www.iplocation.net in /etc/hosts on my client, I cannot access https://www.iplocation.net; it hangs on connecting and then gives me a timeout error.
I want to make an anonymous HTTPS & HTTP proxy that passes through any requests without decrypting or changing them,
only changing the IP address from the client IP to my server IP address, and to define the IP addresses of the websites that I want to access from my client in /etc/hosts.
So I tried to install Squid on my server, and I have a good experience when I set the proxy in the client with the server IP and port 3128: I can access HTTP & HTTPS behind this proxy.
But when I try using /etc/hosts, I cannot access HTTPS websites. I have tried to install Squid many times with every set of install instructions that I found by googling.
I have a server with CentOS 7 with one valid internet IP address.
To explain more of what I want to do: I need my Squid to work like this IP, 173.161.0.227.
When I add 173.161.0.227 www.iplocation.net to my client's /etc/hosts,
I can browse https://www.iplocation.net, which tells me my client IP address is 173.161.0.227.
I want my proxy server to do the same as 173.161.0.227.
My problem now, with the config below, is:
I would appreciate help in resolving this problem.
I asked it before in http://serverfault.com/questions/805413/squid-with-iptables-bypass-https but I could not resolve it.
My Iptables config is:
iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-port 3130
My squid config is:
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src fc00::/7 # RFC 4193 local private network range
acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
acl localnet src 127.0.0.1
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access allow !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access allow manager
http_access allow localnet
http_access allow localhost
http_access allow all
http_port 3128
http_port 80
http_port 0.0.0.0:3129 ssl-bump cert=/etc/squid/ssl_cert/myCA.pem generate-host-certificates=on dynamic_cert_mem_cache_size=4MB
https_port 0.0.0.0:3130 ssl-bump intercept cert=/etc/squid/ssl_cert/myCA.pem generate-host-certificates=on dynamic_cert_mem_cache_size=4MB
sslproxy_cert_error allow all
sslproxy_flags DONT_VERIFY_PEER
cache_dir ufs /var/cache/squid 100 16 256
coredump_dir /var/cache/squid
sslcrtd_program /usr/lib64/squid/ssl_crtd -s /var/squid/ssl_db -M 4MB
sslcrtd_children 50 startup=1 idle=1
sslproxy_cert_error allow all
sslproxy_flags DONT_VERIFY_PEER
ssl_bump peek all
ssl_bump splice all
ssl_bump bump all
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
forwarded_for delete
On Tue, Oct 4, 2016 at 4:44 PM, Antony Stone <Antony.Stone@xxxxxxxxxxxxxxxxxxxx> wrote:
On Tuesday 04 October 2016 at 14:51:13, Mehdi Yeganeh wrote:
> Thanks for the quick reply,
> I need to use my server, I configure my IP address in some software like
> antivirus and ...
... and what?
I do not understand what antivirus software has to do with our discussion.
Please give details, don't just write "...".
> So, I want all of that working
All of what?
> with my server ip address and for this reason I cannot use torproxy or
> torproject. I need a proxy server (squid) on my server
In that case install Squid on your server. What is the problem?
> More details about 173.161.0.227:
> Its sophos web appliance that use squid on debian and using some other
> proxy software (Astaro HttpProxy) with squid and
> iptables for forwarding ports. But I can't find the other proxy software
> for download. So, I just have squid alone (although iptables is present)
Okay, so I understand that the machine on that IP address (which appears to be
serving Pennoyer School in Illinois, with connectivity provided by Comcast) is
a "Sophos web appliance" - some sort of combined firewall / proxy / port
forwarder.
What is the relevance of that machine to your question?
> Please tell me that should i use other tools or squid can do it?
Do what?
Please explain exactly what it is you are trying to achieve, and hoping that
Squid is a solution for.
Regards,
Antony.
--
Police have found a cartoonist dead in his house. They say that details are
currently sketchy.
Please reply to the list;
please *don't* CC me.
_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
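As an added example (not part of the original thread and not Squid's own tooling), this small Python check flags the directives in the posted squid.conf that open the proxy to any client or switch off upstream certificate checks, and the `ssl_bump bump` rule, which configures decryption although the post asks for pass-through. The sample text is constructed from lines of the configuration above; the function names and `PORT_ACLS` are hypothetical.

```python
# Added example (not from the thread): flag risky squid.conf directives.

# Constructed sample: directives copied from the configuration posted above.
SAMPLE_CONF = """\
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl CONNECT method CONNECT
http_access allow !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access allow manager
http_access allow all
sslproxy_cert_error allow all
sslproxy_flags DONT_VERIFY_PEER
ssl_bump peek all
ssl_bump splice all
ssl_bump bump all
"""

PORT_ACLS = {"Safe_ports", "SSL_ports"}  # ACL names used in the posted config

def directives(text):
    """Yield (line_no, tokens) per directive, with '#' comments removed."""
    for no, raw in enumerate(text.splitlines(), 1):
        tokens = raw.split("#", 1)[0].split()
        if tokens:
            yield no, tokens

def audit(text):
    """Return (line_no, finding) pairs for risky access and TLS settings."""
    out = []
    for no, (name, *args) in directives(text):
        if name == "http_access" and args[:1] == ["allow"]:
            acls = args[1:]
            if acls == ["all"]:
                out.append((no, "open proxy: every client is allowed"))
            elif acls == ["manager"]:
                out.append((no, "cache manager open to every client"))
            elif any(a[:1] == "!" and a[1:] in PORT_ACLS for a in acls):
                out.append((no, "allows ports outside the allow-list"))
        elif name == "sslproxy_flags" and "DONT_VERIFY_PEER" in ",".join(args).split(","):
            out.append((no, "upstream certificates are not verified"))
        elif name == "sslproxy_cert_error" and args == ["allow", "all"]:
            out.append((no, "every upstream certificate error is accepted"))
        elif name == "ssl_bump" and args[:1] == ["bump"]:
            out.append((no, "rule decrypts client TLS (bump)"))
    return out

if __name__ == "__main__":
    for no, finding in audit(SAMPLE_CONF):
        print(f"line {no}: {finding}")
```

Squid evaluates `http_access` rules in order and stops at the first match, so the `allow` lines flagged here take effect before any later `deny`.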