HTTPS on Squid http proxy server The 2019 Stack Overflow Developer Survey Results Are InSquid url rewrites https>>httpProxy Access to my Squid ProxyHow to setup a HTTP/s Proxy behind Squid/Sockd ProxyMacs behind a proxy, using squid for SSL and HTTP trafficSquid Proxy - https working but http sites not workingConfigure Squid as an HTTPS forward proxy?Maximum number of HTTP request in squid proxy serverForward Proxy convert http to httpsIs there any way to cache or forward https requests to an http proxy using Squid?

Did 3000BC Egyptians use meteoric iron weapons?

Did Scotland spend $250,000 for the slogan "Welcome to Scotland"?

Did Section 31 appear in Star Trek: The Next Generation?

slides for 30min~1hr skype tenure track application interview

Why was M87 targetted for the Event Horizon Telescope instead of Sagittarius A*?

What could be the right powersource for 15 seconds lifespan disposable giant chainsaw?

Does a dangling wire really electrocute me if I'm standing in water?

How are circuits which use complex ICs normally simulated?

Why isn't airport relocation done gradually?

Why is the maximum length of OpenWrt’s root password 8 characters?

Loose spokes after only a few rides

Does coating your armor in silver add any effects?

Why didn't the Event Horizon Telescope team mention Sagittarius A*?

What to do when moving next to a bird sanctuary with a loosely-domesticated cat?

How to check whether the reindex working or not in Magento?

Am I thawing this London Broil safely?

What is the accessibility of a package's `Private` context variables?

What does ひと匙 mean in this manga and has it been used colloquially?

How come people say “Would of”?

Reference request: Oldest number theory books with (unsolved) exercises?

Why can Shazam fly?

Why did Acorn's A3000 have red function keys?

Landlord wants to switch my lease to a "Land contract" to "get back at the city"

Return to UK after having been refused entry years ago



HTTPS on Squid http proxy server



The 2019 Stack Overflow Developer Survey Results Are InSquid url rewrites https>>httpProxy Access to my Squid ProxyHow to setup a HTTP/s Proxy behind Squid/Sockd ProxyMacs behind a proxy, using squid for SSL and HTTP trafficSquid Proxy - https working but http sites not workingConfigure Squid as an HTTPS forward proxy?Maximum number of HTTP request in squid proxy serverForward Proxy convert http to httpsIs there any way to cache or forward https requests to an http proxy using Squid?



.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty height:90px;width:728px;box-sizing:border-box;








2















I've got many servers and I want them to have the same IP when they do requests via the Internet. So I configured a Squid http proxy server that works well for http requests.
The problem is that it do not works for HTTPS requests (the real IP of my server appears...).



Do you have a solution for that ?






debian proxy squid http-proxy







share|improve this question














bumped to the homepage by Community 13 hours ago


This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.















  • What is the base operating system that squid runs on..?? Meanwhile, I'd suggest you install webmin for easier view and configuration or if the purpose it to act as proxy server along with some enhanced features, pfsense will do better. Having said that, I found this by googling which may server you.

    – AzkerM
    Apr 14 '14 at 12:25












  • can you show your squid configuration?

    – c4f4t0r
    Apr 14 '14 at 12:54











  • My server runs on Debian 7. I'll try webmin ! And thanks for the link !

    – maxime
    Apr 16 '14 at 13:29

















2















I've got many servers and I want them to have the same IP when they do requests via the Internet. So I configured a Squid http proxy server that works well for http requests.
The problem is that it do not works for HTTPS requests (the real IP of my server appears...).



Do you have a solution for that ?






debian proxy squid http-proxy







share|improve this question














bumped to the homepage by Community 13 hours ago


This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.















  • What is the base operating system that squid runs on..?? Meanwhile, I'd suggest you install webmin for easier view and configuration or if the purpose it to act as proxy server along with some enhanced features, pfsense will do better. Having said that, I found this by googling which may server you.

    – AzkerM
    Apr 14 '14 at 12:25












  • can you show your squid configuration?

    – c4f4t0r
    Apr 14 '14 at 12:54











  • My server runs on Debian 7. I'll try webmin ! And thanks for the link !

    – maxime
    Apr 16 '14 at 13:29













2












2








2


1






I've got many servers and I want them to have the same IP when they do requests via the Internet. So I configured a Squid http proxy server that works well for http requests.
The problem is that it do not works for HTTPS requests (the real IP of my server appears...).



Do you have a solution for that ?






debian proxy squid http-proxy







share|improve this question














I've got many servers and I want them to have the same IP when they do requests via the Internet. So I configured a Squid http proxy server that works well for http requests.
The problem is that it do not works for HTTPS requests (the real IP of my server appears...).



Do you have a solution for that ?






debian proxy squid http-proxy




debian proxy squid http-proxy






share|improve this question













share|improve this question











share|improve this question




share|improve this question










asked Apr 14 '14 at 10:03









maximemaxime

12115




12115





bumped to the homepage by Community 13 hours ago


This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.







bumped to the homepage by Community 13 hours ago


This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.














  • What is the base operating system that squid runs on..?? Meanwhile, I'd suggest you install webmin for easier view and configuration or if the purpose it to act as proxy server along with some enhanced features, pfsense will do better. Having said that, I found this by googling which may server you.

    – AzkerM
    Apr 14 '14 at 12:25












  • can you show your squid configuration?

    – c4f4t0r
    Apr 14 '14 at 12:54











  • My server runs on Debian 7. I'll try webmin ! And thanks for the link !

    – maxime
    Apr 16 '14 at 13:29

















  • What is the base operating system that squid runs on..?? Meanwhile, I'd suggest you install webmin for easier view and configuration or if the purpose it to act as proxy server along with some enhanced features, pfsense will do better. Having said that, I found this by googling which may server you.

    – AzkerM
    Apr 14 '14 at 12:25












  • can you show your squid configuration?

    – c4f4t0r
    Apr 14 '14 at 12:54











  • My server runs on Debian 7. I'll try webmin ! And thanks for the link !

    – maxime
    Apr 16 '14 at 13:29
















What is the base operating system that squid runs on..?? Meanwhile, I'd suggest you install webmin for easier view and configuration or if the purpose it to act as proxy server along with some enhanced features, pfsense will do better. Having said that, I found this by googling which may server you.

– AzkerM
Apr 14 '14 at 12:25






What is the base operating system that squid runs on..?? Meanwhile, I'd suggest you install webmin for easier view and configuration or if the purpose it to act as proxy server along with some enhanced features, pfsense will do better. Having said that, I found this by googling which may server you.

– AzkerM
Apr 14 '14 at 12:25














can you show your squid configuration?

– c4f4t0r
Apr 14 '14 at 12:54





can you show your squid configuration?

– c4f4t0r
Apr 14 '14 at 12:54













My server runs on Debian 7. I'll try webmin ! And thanks for the link !

– maxime
Apr 16 '14 at 13:29





My server runs on Debian 7. I'll try webmin ! And thanks for the link !

– maxime
Apr 16 '14 at 13:29










2 Answers
2






active

oldest

votes


















0














You need to use the SSL Bump functionality of Squid in order to be able to filter HTTPS. An easy method to implement this is to use QLProxy as it has the SSL Bump functionality enabled by default.



If you'd like to add it to your existing configuration, you can research it here



SIDE NOTE : SSL was developed, in part, to issue assurances to the connecting party that they are connecting to the service that they are expecting to connect to. Intercepting this transmission, which is what you're trying to accomplish, will break the integrtity of HTTPS and issue certificate warnings to your clients. This can be mitigated by distributing a trusted certificate to all your clients, however there is an ethical issue at play here as you are essentially eavesdropping on traffic that your clients assume is secure.






share|improve this answer























  • He doesn't need a transparent proxy.

    – Diego Woitasen
    Apr 15 '14 at 17:00











  • @diegows perhaps you'd care to share what you think he needs then rather than just stating what they "don't" need.

    – DKNUCKLES
    Apr 16 '14 at 12:47


















0














Here is now my ssl-bump rules are setup and it works without a problem:



http_port 3128
http_port 3129 intercept
https_port 3130 intercept ssl-bump connection-auth=off generate-host-certificates=on dynamic_cert_mem_cache_size=8MB cert=/etc/squid/ssl/squid.pem key=/etc/squid/ssl/squid.key cipher=ECDHE-RSA-RC4-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:DHE-RSA-CAMELLIA128-SHA:AES128-SHA:RC4-SHA:HIGH:!aNULL:!MD5:!ADH
sslcrtd_program /usr/lib64/squid/ssl_crtd -s /var/lib/squid_ssl_db -M 8MB
sslcrtd_children 50 startup=5 idle=1
ssl_bump server-first all
ssl_bump none localhost


Then just set both HTTP and SSL proxy to the server and port 3128.






share|improve this answer























    Your Answer








    StackExchange.ready(function()
    var channelOptions =
    tags: "".split(" "),
    id: "2"
    ;
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function()
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled)
    StackExchange.using("snippets", function()
    createEditor();
    );

    else
    createEditor();

    );

    function createEditor()
    StackExchange.prepareEditor(
    heartbeatType: 'answer',
    autoActivateHeartbeat: false,
    convertImagesToLinks: true,
    noModals: true,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: 10,
    bindNavPrevention: true,
    postfix: "",
    imageUploader:
    brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
    contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
    allowUrls: true
    ,
    onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    );



    );













    draft saved

    draft discarded


















    StackExchange.ready(
    function ()
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f588823%2fhttps-on-squid-http-proxy-server%23new-answer', 'question_page');

    );

    Post as a guest















    Required, but never shown

























    2 Answers
    2






    active

    oldest

    votes








    2 Answers
    2






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes









    0














    You need to use the SSL Bump functionality of Squid in order to be able to filter HTTPS. An easy method to implement this is to use QLProxy as it has the SSL Bump functionality enabled by default.



    If you'd like to add it to your existing configuration, you can research it here



    SIDE NOTE : SSL was developed, in part, to issue assurances to the connecting party that they are connecting to the service that they are expecting to connect to. Intercepting this transmission, which is what you're trying to accomplish, will break the integrtity of HTTPS and issue certificate warnings to your clients. This can be mitigated by distributing a trusted certificate to all your clients, however there is an ethical issue at play here as you are essentially eavesdropping on traffic that your clients assume is secure.






    share|improve this answer























    • He doesn't need a transparent proxy.

      – Diego Woitasen
      Apr 15 '14 at 17:00











    • @diegows perhaps you'd care to share what you think he needs then rather than just stating what they "don't" need.

      – DKNUCKLES
      Apr 16 '14 at 12:47















    0














    You need to use the SSL Bump functionality of Squid in order to be able to filter HTTPS. An easy method to implement this is to use QLProxy as it has the SSL Bump functionality enabled by default.



    If you'd like to add it to your existing configuration, you can research it here



    SIDE NOTE : SSL was developed, in part, to issue assurances to the connecting party that they are connecting to the service that they are expecting to connect to. Intercepting this transmission, which is what you're trying to accomplish, will break the integrtity of HTTPS and issue certificate warnings to your clients. This can be mitigated by distributing a trusted certificate to all your clients, however there is an ethical issue at play here as you are essentially eavesdropping on traffic that your clients assume is secure.






    share|improve this answer























    • He doesn't need a transparent proxy.

      – Diego Woitasen
      Apr 15 '14 at 17:00











    • @diegows perhaps you'd care to share what you think he needs then rather than just stating what they "don't" need.

      – DKNUCKLES
      Apr 16 '14 at 12:47













    0












    0








    0







    You need to use the SSL Bump functionality of Squid in order to be able to filter HTTPS. An easy method to implement this is to use QLProxy as it has the SSL Bump functionality enabled by default.



    If you'd like to add it to your existing configuration, you can research it here



    SIDE NOTE : SSL was developed, in part, to issue assurances to the connecting party that they are connecting to the service that they are expecting to connect to. Intercepting this transmission, which is what you're trying to accomplish, will break the integrtity of HTTPS and issue certificate warnings to your clients. This can be mitigated by distributing a trusted certificate to all your clients, however there is an ethical issue at play here as you are essentially eavesdropping on traffic that your clients assume is secure.






    share|improve this answer













    You need to use the SSL Bump functionality of Squid in order to be able to filter HTTPS. An easy method to implement this is to use QLProxy as it has the SSL Bump functionality enabled by default.



    If you'd like to add it to your existing configuration, you can research it here



    SIDE NOTE : SSL was developed, in part, to issue assurances to the connecting party that they are connecting to the service that they are expecting to connect to. Intercepting this transmission, which is what you're trying to accomplish, will break the integrtity of HTTPS and issue certificate warnings to your clients. This can be mitigated by distributing a trusted certificate to all your clients, however there is an ethical issue at play here as you are essentially eavesdropping on traffic that your clients assume is secure.







    share|improve this answer












    share|improve this answer



    share|improve this answer










    answered Apr 14 '14 at 16:05









    DKNUCKLESDKNUCKLES

    3,42333858




    3,42333858












    • He doesn't need a transparent proxy.

      – Diego Woitasen
      Apr 15 '14 at 17:00











    • @diegows perhaps you'd care to share what you think he needs then rather than just stating what they "don't" need.

      – DKNUCKLES
      Apr 16 '14 at 12:47

















    • He doesn't need a transparent proxy.

      – Diego Woitasen
      Apr 15 '14 at 17:00











    • @diegows perhaps you'd care to share what you think he needs then rather than just stating what they "don't" need.

      – DKNUCKLES
      Apr 16 '14 at 12:47
















    He doesn't need a transparent proxy.

    – Diego Woitasen
    Apr 15 '14 at 17:00





    He doesn't need a transparent proxy.

    – Diego Woitasen
    Apr 15 '14 at 17:00













    @diegows perhaps you'd care to share what you think he needs then rather than just stating what they "don't" need.

    – DKNUCKLES
    Apr 16 '14 at 12:47





    @diegows perhaps you'd care to share what you think he needs then rather than just stating what they "don't" need.

    – DKNUCKLES
    Apr 16 '14 at 12:47













    0














    Here is now my ssl-bump rules are setup and it works without a problem:



    http_port 3128
    http_port 3129 intercept
    https_port 3130 intercept ssl-bump connection-auth=off generate-host-certificates=on dynamic_cert_mem_cache_size=8MB cert=/etc/squid/ssl/squid.pem key=/etc/squid/ssl/squid.key cipher=ECDHE-RSA-RC4-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:DHE-RSA-CAMELLIA128-SHA:AES128-SHA:RC4-SHA:HIGH:!aNULL:!MD5:!ADH
    sslcrtd_program /usr/lib64/squid/ssl_crtd -s /var/lib/squid_ssl_db -M 8MB
    sslcrtd_children 50 startup=5 idle=1
    ssl_bump server-first all
    ssl_bump none localhost


    Then just set both HTTP and SSL proxy to the server and port 3128.






    share|improve this answer



























      0














      Here is now my ssl-bump rules are setup and it works without a problem:



      http_port 3128
      http_port 3129 intercept
      https_port 3130 intercept ssl-bump connection-auth=off generate-host-certificates=on dynamic_cert_mem_cache_size=8MB cert=/etc/squid/ssl/squid.pem key=/etc/squid/ssl/squid.key cipher=ECDHE-RSA-RC4-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:DHE-RSA-CAMELLIA128-SHA:AES128-SHA:RC4-SHA:HIGH:!aNULL:!MD5:!ADH
      sslcrtd_program /usr/lib64/squid/ssl_crtd -s /var/lib/squid_ssl_db -M 8MB
      sslcrtd_children 50 startup=5 idle=1
      ssl_bump server-first all
      ssl_bump none localhost


      Then just set both HTTP and SSL proxy to the server and port 3128.






      share|improve this answer

























        0












        0








        0







        Here is now my ssl-bump rules are setup and it works without a problem:



        http_port 3128
        http_port 3129 intercept
        https_port 3130 intercept ssl-bump connection-auth=off generate-host-certificates=on dynamic_cert_mem_cache_size=8MB cert=/etc/squid/ssl/squid.pem key=/etc/squid/ssl/squid.key cipher=ECDHE-RSA-RC4-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:DHE-RSA-CAMELLIA128-SHA:AES128-SHA:RC4-SHA:HIGH:!aNULL:!MD5:!ADH
        sslcrtd_program /usr/lib64/squid/ssl_crtd -s /var/lib/squid_ssl_db -M 8MB
        sslcrtd_children 50 startup=5 idle=1
        ssl_bump server-first all
        ssl_bump none localhost


        Then just set both HTTP and SSL proxy to the server and port 3128.






        share|improve this answer













        Here is now my ssl-bump rules are setup and it works without a problem:



        http_port 3128
        http_port 3129 intercept
        https_port 3130 intercept ssl-bump connection-auth=off generate-host-certificates=on dynamic_cert_mem_cache_size=8MB cert=/etc/squid/ssl/squid.pem key=/etc/squid/ssl/squid.key cipher=ECDHE-RSA-RC4-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:DHE-RSA-CAMELLIA128-SHA:AES128-SHA:RC4-SHA:HIGH:!aNULL:!MD5:!ADH
        sslcrtd_program /usr/lib64/squid/ssl_crtd -s /var/lib/squid_ssl_db -M 8MB
        sslcrtd_children 50 startup=5 idle=1
        ssl_bump server-first all
        ssl_bump none localhost


        Then just set both HTTP and SSL proxy to the server and port 3128.







        share|improve this answer












        share|improve this answer



        share|improve this answer










        answered Jun 13 '14 at 21:22









        user226231user226231

        211




        211



























            draft saved

            draft discarded
















































            Thanks for contributing an answer to Server Fault!


            • Please be sure to answer the question. Provide details and share your research!

            But avoid


            • Asking for help, clarification, or responding to other answers.

            • Making statements based on opinion; back them up with references or personal experience.

            To learn more, see our tips on writing great answers.




            draft saved


            draft discarded














            StackExchange.ready(
            function ()
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f588823%2fhttps-on-squid-http-proxy-server%23new-answer', 'question_page');

            );

            Post as a guest















            Required, but never shown





















































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown

































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown







            -

            Popular posts from this blog

            How to make RAID controller rescan devices The 2019 Stack Overflow Developer Survey Results Are InLSI MegaRAID SAS 9261-8i: Disk isn't recognized after replacementHow to monitor the hard disk status behind Dell PERC H710 Raid Controller with CentOS 6?LSI MegaRAID - Recreate missing RAID 1 arrayext. 2-bay USB-Drive with RAID: btrfs RAID vs built-in RAIDInvalid SAS topologyDoes enabling JBOD mode on LSI based controllers affect existing logical disks/arrays?Why is there a shift between the WWN reported from the controller and the Linux system?Optimal RAID 6+0 Setup for 40+ 4TB DisksAccidental SAS cable removal

            Image
            Is "plugging out" electronic devices an American expression? Does a dangling wire really electrocute me if I'm standing in water? Adding labels to a table: columns and rows Spanish for "widget" Landlord wants to switch my lease to a "Land contract" to "get back at the city" Lethal sonic weapons On the insanity of kings as an argument against monarchy Is there a general name for the setup in which payoffs are not known exactly but players try to influence each other's perception of the payoffs? How long do I have to send my income tax payment to the IRS? Geography at the pixel level Can a zener diode with a higher power dissipation be used in place of the original one in an audio amplifier? How can I make payments on the Internet without leaving a money trail? What can other administrators access on my machine? Understanding the implication of what "well-defined" means for the operation in quotient group
            Read more

            Куамањотепек (Чилапа де Алварез) Садржај Становништво Види још Референце Спољашње везе Мени за навигацију17°19′47″N 99°1′51″W / 17.32972° СГШ; 99.03083° ЗГД / 17.32972; -99.0308317°19′47″N 99°1′51″W / 17.32972° СГШ; 99.03083° ЗГД / 17.32972; -99.030838877656„Instituto Nacional de Estadística y Geografía”„The GeoNames geographical database”Мексичка насељапроширитиуу

            Image
            Насеља у општини Чилапа де Алварез (Гереро) шп.МексикуГерероопштиниЧилапа де Алварезнадморској висини2010 (function()var node=document.getElementById("mw-dismissablenotice-anonplace");if(node)node.outerHTML="u003Cdiv class="mw-dismissable-notice"u003Eu003Cdiv class="mw-dismissable-notice-close"u003E[u003Ca tabindex="0" role="button"u003Eсакријu003C/au003E]u003C/divu003Eu003Cdiv class="mw-dismissable-notice-body"u003Eu003Cdiv id="localNotice" lang="sr" dir="ltr"u003Eu003Cdiv class="noticebanner"u003Eu003Cdiv class="plainlinks" style="background-image: -moz-linear-gradient(top, #fefefe, #fefefe, #f0f0f0); background-image: -o-linear-gradient(top, #fefefe, #fefefe, #f0f0f0); background-image: -webkit-linear-gradient(top, #fefefe, #fefefe, #f0f0f0); background-image: linear-gradient(to bottom, #fefefe, #fefefe, #f0f0f0);; -moz-border-radius: 10px; -webkit-border-rad
            Read more

            Can the Right Ascension and Argument of Perigee of a spacecraft's orbit keep varying by themselves with time? The 2019 Stack Overflow Developer Survey Results Are InHow is the altitude of a satellite defined, given that the Earth is not spherical?Why do satellites appear to move faster when overhead and slower closer to the horizon?For the mathematical relationship between J2 (km^5/s^2) and dimensionless J2 - which one is derived from the other?Why is Nodal precession affected by the rotational period of the planet?Why is it so difficult to predict the exact reentry location and time of a very low earth orbit object?Why are low earth orbit satellites not visible from the same place all the time?Perifocal coordinates and the orbit equationHow feasible is the Moonspike mission?What was the typical perigee after a shuttle de-orbit burn?I am having trouble calculating my classic orbital elements and am at a loss on where to lookAm I supposed to modify the gravitational constant with scale and why do fps & time scale changes cause my orbit to break?How Local time of a sun synchronous orbit is related to Right ascension of ascending node?What is wrong with my orbit sim equations? How can I fix them?How to obtain the initial positions and velocities of an inclined orbit?

            Image
            Why is this recursive code so slow? Button changing its text & action. Good or terrible? What do I do when my TA workload is more than expected? What is the most efficient way to store a numeric range? Why are there uneven bright areas in this photo of black hole? Why can't wing-mounted spoilers be used to steepen approaches? What aspect of planet earth must be changed to prevent the industrial revolution? Deal with toxic manager when you can't quit Single author papers against my advisor's will? Did any laptop computers have a built-in 5 1/4 inch floppy drive? How can I add encounters in the Lost Mine of Phandelver campaign without giving PCs too much XP? How many cones with angle theta can I pack into the unit sphere? Why did Peik say, "I'm not an animal"? How do I free up internal storage if I don't have any apps downloaded? How to read αἱμύλιος or when to aspirate Question on an engine pulling a train Why can't d
            Read more