On 8/17/22 11:11, Chris XMT wrote:
My company implemented a new proxy (Zscaler) that requires the use of SSL certificates. I have "black boxes" that allow me to configure a proxy, but not to add these needed certificates. This prevents these linux systems from making HTTPS requests.
When using Squid, do you configure "black boxes" to use Squid's http_port or Squid's https_port? If it is the latter, make sure that those "black boxes" support HTTPS forward proxies. Many clients do not!
I built a RHEL system with Squid running. This system has the corporate certs needed to make HTTPS connection; I can confirm that it can do so via a curl command. I've spent countless hours trying to make a basic configuration that allows this RHEL system to forward the traffic from the "black boxes" to their destination. I would just assume to allow traffic from anywhere and any system to be forwarded.
For Squid to forward requests to an HTTPS proxy, you need to configure the corresponding "cache_peer" with "parent", "tls" (or "ssl") and "sslcert" options. You may also need to disable direct forwarding with "never_direct allow all" if all traffic should go through that cache_peer. Have you done that?
http://www.squid-cache.org/Doc/config/cache_peer/ What errors/problems do you see in cache.log and access.log?
Can anyone offer a basic configuration file that will pass all traffic?
Using something like "http_access allow all" will allow all valid requests into Squid, but result in an open proxy setup that is often vulnerable to abuse. Most likely, that is _not_ what you want, and your primary problem may lie outside Squid access controls.
HTH, Alex. _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
