
Re: Forward proxy with certificates

On 8/17/22 11:11, Chris XMT wrote:
> My company implemented a new proxy (Zscaler) that requires the use of SSL certificates.  I have "black boxes" that allow me to configure a proxy, but not to add these needed certificates.  This prevents these Linux systems from making HTTPS requests.

When using Squid, do you configure "black boxes" to use Squid's http_port or Squid's https_port? If it is the latter, make sure that those "black boxes" support HTTPS forward proxies. Many clients do not!


> I built a RHEL system with Squid running.  This system has the corporate certs needed to make HTTPS connections; I can confirm that it can do so via a curl command.  I've spent countless hours trying to make a basic configuration that allows this RHEL system to forward the traffic from the "black boxes" to their destination.  I would just assume to allow traffic from anywhere and any system to be forwarded.

For Squid to forward requests to an HTTPS proxy, you need to configure the corresponding "cache_peer" with "parent", "tls" (or "ssl") and "sslcert" options. You may also need to disable direct forwarding with "never_direct allow all" if all traffic should go through that cache_peer. Have you done that?

http://www.squid-cache.org/Doc/config/cache_peer/

What errors/problems do you see in cache.log and access.log?

> Can anyone offer a basic configuration file that will pass all traffic?

Using something like "http_access allow all" will allow all valid requests into Squid, but result in an open proxy setup that is often vulnerable to abuse. Most likely, that is _not_ what you want, and your primary problem may lie outside Squid access controls.


HTH,

Alex.
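
A squid.conf sketch of the setup described in the reply above, as an added example that is not part of the original message and not the Squid project's own configuration. The peer host name, port, address range and file paths are placeholders, and `sslkey`, `no-query` and `default` are cache_peer options added here beyond the ones the reply names.

```conf
# Added example; every host name, port, address range and file path below
# is a placeholder to be replaced with site-specific values.

# Plain HTTP proxy port for the "black boxes" (http_port, not https_port,
# so the clients need no support for HTTPS forward proxies).
http_port 3128

# Upstream HTTPS proxy reached over TLS with a client certificate.
#   parent    - forward requests to this peer
#   tls       - encrypt the connection to the peer ("ssl" in older Squid)
#   sslcert   - client certificate presented to the peer
#   sslkey    - matching private key (assumed to be kept in a separate file)
#   no-query  - send no ICP queries (the ICP port is 0)
#   default   - use this peer as the last-resort parent
cache_peer upstream-proxy.example.net parent 443 0 tls sslcert=/etc/squid/client-cert.pem sslkey=/etc/squid/client-key.pem no-query default

# Send everything through the cache_peer; never go direct to origin servers.
never_direct allow all

# Weak setting: accepts requests from anyone (open proxy).
#   http_access allow all
# Restricted alternative: only the network that holds the black boxes.
acl blackboxes src 192.0.2.0/24
http_access allow blackboxes
http_access deny all
```

`squid -k parse` checks the file for syntax errors before Squid is reloaded.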