Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How to configure HTTPS support in squid3 [closed]

Tags:

proxy

https

debian

squid

I have vps, and i would like to configure my squid support HTTPS proxy. I have configured http proxy and is work, but not support https.

question

  • How to configure HTTPS proxy in squid3?

This is my squid.conf configuration details.

acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
acl larang url_regex -i "/etc/squid3/larang.txt"
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access deny larang
http_access allow all
http_port 143 transparent
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
like image 733
palsutok Avatar asked Oct 31 '12 04:10

palsutok

People also ask

Does Squid work with HTTPS?

Encrypted browser-Squid connectionSquid can accept regular proxy traffic using https_port in the same way Squid does it using an http_port directive. RFC 2818 defines the protocol requirements around this. Unfortunately, popular modern browsers do not yet permit configuration of TLS encrypted proxy connections.

Can Squid cache HTTPS?

Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. It reduces bandwidth and improves response times by caching and reusing frequently-requested web pages. Squid has extensive access controls and makes a great server accelerator.

1 Answers

This line http_access deny CONNECT !SSL_ports is blocking connection to your non SSL_ports. Squid blocks by default: http://wiki.squid-cache.org/SquidFaq/SecurityPitfalls#The_Safe_Ports_and_SSL_Ports_ACL

You only want to allow SSL connects to reverse proxies. Assuming that, put this at the top of your squid.conf:

https_port 443 cert=/path/to/CertAuth/testcert.cert key=/path/to/CertAuth/testkey.pem defaultsite=mywebsite.mydomain.com vhost
cache_peer 10.112.62.20 parent 80 0 no-query originserver login=PASS name=websiteA

acl sites_server_1 dstdomain websiteA.mydomain.com
cache_peer_access websiteA allow sites_server_1
http_access allow sites_server_1

(extracted from: http://wiki.squid-cache.org/ConfigExamples/Reverse/SslWithWildcardCertifiate)

You will want to read all documentation though.

Here is more information on squid and SSL (Definitely Read): http://wiki.squid-cache.org/Features/HTTPS

like image 75
Michael Avatar answered Sep 20 '22 23:09

Michael
Sign in to Comment

Related questions

Azure Functions: Force HTTPS
Why is PHP's "SERVER_PROTOCOL" showing HTTP/1.1 even when using https?
How do I serve https and http for Jetty from one port?
HTTPS stopped working with IIS express
GetRequestStream() is throwing time out exception when posting data to HTTPS url
HTTPS Requests in Ruby
Why is it said that HTTP2 is a binary protocol?
Unable to find the wrapper "https" with file_get_contents
Enable Apache SSL in Docker for local development
Require HTTPS with Spring Security behind a reverse proxy
how to log OUTGOING https requests from node within webstorm
How to enable Map Local over https with Charles Proxy?
git: 'remote-https' is not a git command?
HTTPS redirection for all routes node.js/express - Security concerns
How to remove JVM property "https.proxyHost"?
Android - Sending HTTPS Get Request
how to resolve jsoup error: unable to find valid certification path to requested target
Enable https in a rails app on a thin server
Android DownloadManager and SSL (https)

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!