HTTPS on Squid http proxy server The 2019 Stack Overflow Developer Survey Results Are InSquid url rewrites https>>httpProxy Access to my Squid ProxyHow to setup a HTTP/s Proxy behind Squid/Sockd ProxyMacs behind a proxy, using squid for SSL and HTTP trafficSquid Proxy - https working but http sites not workingConfigure Squid as an HTTPS forward proxy?Maximum number of HTTP request in squid proxy serverForward Proxy convert http to httpsIs there any way to cache or forward https requests to an http proxy using Squid?
Did 3000BC Egyptians use meteoric iron weapons?
Did Scotland spend $250,000 for the slogan "Welcome to Scotland"?
Did Section 31 appear in Star Trek: The Next Generation?
slides for 30min~1hr skype tenure track application interview
Why was M87 targetted for the Event Horizon Telescope instead of Sagittarius A*?
What could be the right powersource for 15 seconds lifespan disposable giant chainsaw?
Does a dangling wire really electrocute me if I'm standing in water?
How are circuits which use complex ICs normally simulated?
Why isn't airport relocation done gradually?
Why is the maximum length of OpenWrt’s root password 8 characters?
Loose spokes after only a few rides
Does coating your armor in silver add any effects?
Why didn't the Event Horizon Telescope team mention Sagittarius A*?
What to do when moving next to a bird sanctuary with a loosely-domesticated cat?
How to check whether the reindex working or not in Magento?
Am I thawing this London Broil safely?
What is the accessibility of a package's `Private` context variables?
What does ひと匙 mean in this manga and has it been used colloquially?
How come people say “Would of”?
Reference request: Oldest number theory books with (unsolved) exercises?
Why can Shazam fly?
Why did Acorn's A3000 have red function keys?
Landlord wants to switch my lease to a "Land contract" to "get back at the city"
Return to UK after having been refused entry years ago
HTTPS on Squid http proxy server
The 2019 Stack Overflow Developer Survey Results Are InSquid url rewrites https>>httpProxy Access to my Squid ProxyHow to setup a HTTP/s Proxy behind Squid/Sockd ProxyMacs behind a proxy, using squid for SSL and HTTP trafficSquid Proxy - https working but http sites not workingConfigure Squid as an HTTPS forward proxy?Maximum number of HTTP request in squid proxy serverForward Proxy convert http to httpsIs there any way to cache or forward https requests to an http proxy using Squid?
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty height:90px;width:728px;box-sizing:border-box;
I've got many servers and I want them to have the same IP when they do requests via the Internet. So I configured a Squid http proxy server that works well for http requests.
The problem is that it do not works for HTTPS requests (the real IP of my server appears...).
Do you have a solution for that ?
debian proxy squid http-proxy
asked Apr 14 '14 at 10:03
maximemaxime
12115
bumped to the homepage by Community♦ 13 hours ago
This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.
add a comment |
I've got many servers and I want them to have the same IP when they do requests via the Internet. So I configured a Squid http proxy server that works well for http requests.
The problem is that it do not works for HTTPS requests (the real IP of my server appears...).
Do you have a solution for that ?
debian proxy squid http-proxy
asked Apr 14 '14 at 10:03
maximemaxime
12115
bumped to the homepage by Community♦ 13 hours ago
This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.
What is the base operating system that squid runs on..?? Meanwhile, I'd suggest you install webmin for easier view and configuration or if the purpose it to act as proxy server along with some enhanced features, pfsense will do better. Having said that, I found this by googling which may server you.
– AzkerM
Apr 14 '14 at 12:25
can you show your squid configuration?
– c4f4t0r
Apr 14 '14 at 12:54
My server runs on Debian 7. I'll try webmin ! And thanks for the link !
– maxime
Apr 16 '14 at 13:29
add a comment |
I've got many servers and I want them to have the same IP when they do requests via the Internet. So I configured a Squid http proxy server that works well for http requests.
The problem is that it do not works for HTTPS requests (the real IP of my server appears...).
Do you have a solution for that ?
debian proxy squid http-proxy
asked Apr 14 '14 at 10:03
maximemaxime
12115
I've got many servers and I want them to have the same IP when they do requests via the Internet. So I configured a Squid http proxy server that works well for http requests.
The problem is that it do not works for HTTPS requests (the real IP of my server appears...).
Do you have a solution for that ?
debian proxy squid http-proxy
debian proxy squid http-proxy
asked Apr 14 '14 at 10:03
maximemaxime
12115
asked Apr 14 '14 at 10:03
maximemaxime
12115
asked Apr 14 '14 at 10:03
maximemaxime
12115
asked Apr 14 '14 at 10:03
maximemaxime
12115
asked Apr 14 '14 at 10:03
maximemaxime
12115
12115
bumped to the homepage by Community♦ 13 hours ago
This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.
bumped to the homepage by Community♦ 13 hours ago
This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.
What is the base operating system that squid runs on..?? Meanwhile, I'd suggest you install webmin for easier view and configuration or if the purpose it to act as proxy server along with some enhanced features, pfsense will do better. Having said that, I found this by googling which may server you.
– AzkerM
Apr 14 '14 at 12:25
can you show your squid configuration?
– c4f4t0r
Apr 14 '14 at 12:54
My server runs on Debian 7. I'll try webmin ! And thanks for the link !
– maxime
Apr 16 '14 at 13:29
add a comment |
What is the base operating system that squid runs on..?? Meanwhile, I'd suggest you install webmin for easier view and configuration or if the purpose it to act as proxy server along with some enhanced features, pfsense will do better. Having said that, I found this by googling which may server you.
– AzkerM
Apr 14 '14 at 12:25
can you show your squid configuration?
– c4f4t0r
Apr 14 '14 at 12:54
My server runs on Debian 7. I'll try webmin ! And thanks for the link !
– maxime
Apr 16 '14 at 13:29
What is the base operating system that squid runs on..?? Meanwhile, I'd suggest you install webmin for easier view and configuration or if the purpose it to act as proxy server along with some enhanced features, pfsense will do better. Having said that, I found this by googling which may server you.
– AzkerM
Apr 14 '14 at 12:25
What is the base operating system that squid runs on..?? Meanwhile, I'd suggest you install webmin for easier view and configuration or if the purpose it to act as proxy server along with some enhanced features, pfsense will do better. Having said that, I found this by googling which may server you.
– AzkerM
Apr 14 '14 at 12:25
can you show your squid configuration?
– c4f4t0r
Apr 14 '14 at 12:54
can you show your squid configuration?
– c4f4t0r
Apr 14 '14 at 12:54
My server runs on Debian 7. I'll try webmin ! And thanks for the link !
– maxime
Apr 16 '14 at 13:29
My server runs on Debian 7. I'll try webmin ! And thanks for the link !
– maxime
Apr 16 '14 at 13:29
add a comment |
2 Answers
2
active
oldest
votes
You need to use the SSL Bump functionality of Squid in order to be able to filter HTTPS. An easy method to implement this is to use QLProxy as it has the SSL Bump functionality enabled by default.
If you'd like to add it to your existing configuration, you can research it here
SIDE NOTE : SSL was developed, in part, to issue assurances to the connecting party that they are connecting to the service that they are expecting to connect to. Intercepting this transmission, which is what you're trying to accomplish, will break the integrtity of HTTPS and issue certificate warnings to your clients. This can be mitigated by distributing a trusted certificate to all your clients, however there is an ethical issue at play here as you are essentially eavesdropping on traffic that your clients assume is secure.
answered Apr 14 '14 at 16:05
DKNUCKLESDKNUCKLES
3,42333858
He doesn't need a transparent proxy.
– Diego Woitasen
Apr 15 '14 at 17:00
@diegows perhaps you'd care to share what you think he needs then rather than just stating what they "don't" need.
– DKNUCKLES
Apr 16 '14 at 12:47
add a comment |
Here is now my ssl-bump rules are setup and it works without a problem:
http_port 3128
http_port 3129 intercept
https_port 3130 intercept ssl-bump connection-auth=off generate-host-certificates=on dynamic_cert_mem_cache_size=8MB cert=/etc/squid/ssl/squid.pem key=/etc/squid/ssl/squid.key cipher=ECDHE-RSA-RC4-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:DHE-RSA-CAMELLIA128-SHA:AES128-SHA:RC4-SHA:HIGH:!aNULL:!MD5:!ADH
sslcrtd_program /usr/lib64/squid/ssl_crtd -s /var/lib/squid_ssl_db -M 8MB
sslcrtd_children 50 startup=5 idle=1
ssl_bump server-first all
ssl_bump none localhost
Then just set both HTTP and SSL proxy to the server and port 3128.
answered Jun 13 '14 at 21:22
user226231user226231
211
add a comment |
Your Answer
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "2"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f588823%2fhttps-on-squid-http-proxy-server%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
You need to use the SSL Bump functionality of Squid in order to be able to filter HTTPS. An easy method to implement this is to use QLProxy as it has the SSL Bump functionality enabled by default.
If you'd like to add it to your existing configuration, you can research it here
SIDE NOTE : SSL was developed, in part, to issue assurances to the connecting party that they are connecting to the service that they are expecting to connect to. Intercepting this transmission, which is what you're trying to accomplish, will break the integrtity of HTTPS and issue certificate warnings to your clients. This can be mitigated by distributing a trusted certificate to all your clients, however there is an ethical issue at play here as you are essentially eavesdropping on traffic that your clients assume is secure.
answered Apr 14 '14 at 16:05
DKNUCKLESDKNUCKLES
3,42333858
He doesn't need a transparent proxy.
– Diego Woitasen
Apr 15 '14 at 17:00
@diegows perhaps you'd care to share what you think he needs then rather than just stating what they "don't" need.
– DKNUCKLES
Apr 16 '14 at 12:47
add a comment |
You need to use the SSL Bump functionality of Squid in order to be able to filter HTTPS. An easy method to implement this is to use QLProxy as it has the SSL Bump functionality enabled by default.
If you'd like to add it to your existing configuration, you can research it here
SIDE NOTE : SSL was developed, in part, to issue assurances to the connecting party that they are connecting to the service that they are expecting to connect to. Intercepting this transmission, which is what you're trying to accomplish, will break the integrtity of HTTPS and issue certificate warnings to your clients. This can be mitigated by distributing a trusted certificate to all your clients, however there is an ethical issue at play here as you are essentially eavesdropping on traffic that your clients assume is secure.
answered Apr 14 '14 at 16:05
DKNUCKLESDKNUCKLES
3,42333858
He doesn't need a transparent proxy.
– Diego Woitasen
Apr 15 '14 at 17:00
@diegows perhaps you'd care to share what you think he needs then rather than just stating what they "don't" need.
– DKNUCKLES
Apr 16 '14 at 12:47
add a comment |
You need to use the SSL Bump functionality of Squid in order to be able to filter HTTPS. An easy method to implement this is to use QLProxy as it has the SSL Bump functionality enabled by default.
If you'd like to add it to your existing configuration, you can research it here
SIDE NOTE : SSL was developed, in part, to issue assurances to the connecting party that they are connecting to the service that they are expecting to connect to. Intercepting this transmission, which is what you're trying to accomplish, will break the integrtity of HTTPS and issue certificate warnings to your clients. This can be mitigated by distributing a trusted certificate to all your clients, however there is an ethical issue at play here as you are essentially eavesdropping on traffic that your clients assume is secure.
answered Apr 14 '14 at 16:05
DKNUCKLESDKNUCKLES
3,42333858
You need to use the SSL Bump functionality of Squid in order to be able to filter HTTPS. An easy method to implement this is to use QLProxy as it has the SSL Bump functionality enabled by default.
If you'd like to add it to your existing configuration, you can research it here
SIDE NOTE : SSL was developed, in part, to issue assurances to the connecting party that they are connecting to the service that they are expecting to connect to. Intercepting this transmission, which is what you're trying to accomplish, will break the integrtity of HTTPS and issue certificate warnings to your clients. This can be mitigated by distributing a trusted certificate to all your clients, however there is an ethical issue at play here as you are essentially eavesdropping on traffic that your clients assume is secure.
answered Apr 14 '14 at 16:05
DKNUCKLESDKNUCKLES
3,42333858
answered Apr 14 '14 at 16:05
DKNUCKLESDKNUCKLES
3,42333858
answered Apr 14 '14 at 16:05
DKNUCKLESDKNUCKLES
3,42333858
answered Apr 14 '14 at 16:05
DKNUCKLESDKNUCKLES
3,42333858
3,42333858
He doesn't need a transparent proxy.
– Diego Woitasen
Apr 15 '14 at 17:00
@diegows perhaps you'd care to share what you think he needs then rather than just stating what they "don't" need.
– DKNUCKLES
Apr 16 '14 at 12:47
add a comment |
He doesn't need a transparent proxy.
– Diego Woitasen
Apr 15 '14 at 17:00
@diegows perhaps you'd care to share what you think he needs then rather than just stating what they "don't" need.
– DKNUCKLES
Apr 16 '14 at 12:47
He doesn't need a transparent proxy.
– Diego Woitasen
Apr 15 '14 at 17:00
He doesn't need a transparent proxy.
– Diego Woitasen
Apr 15 '14 at 17:00
@diegows perhaps you'd care to share what you think he needs then rather than just stating what they "don't" need.
– DKNUCKLES
Apr 16 '14 at 12:47
@diegows perhaps you'd care to share what you think he needs then rather than just stating what they "don't" need.
– DKNUCKLES
Apr 16 '14 at 12:47
add a comment |
Here is now my ssl-bump rules are setup and it works without a problem:
http_port 3128
http_port 3129 intercept
https_port 3130 intercept ssl-bump connection-auth=off generate-host-certificates=on dynamic_cert_mem_cache_size=8MB cert=/etc/squid/ssl/squid.pem key=/etc/squid/ssl/squid.key cipher=ECDHE-RSA-RC4-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:DHE-RSA-CAMELLIA128-SHA:AES128-SHA:RC4-SHA:HIGH:!aNULL:!MD5:!ADH
sslcrtd_program /usr/lib64/squid/ssl_crtd -s /var/lib/squid_ssl_db -M 8MB
sslcrtd_children 50 startup=5 idle=1
ssl_bump server-first all
ssl_bump none localhost
Then just set both HTTP and SSL proxy to the server and port 3128.
answered Jun 13 '14 at 21:22
user226231user226231
211
add a comment |
Here is now my ssl-bump rules are setup and it works without a problem:
http_port 3128
http_port 3129 intercept
https_port 3130 intercept ssl-bump connection-auth=off generate-host-certificates=on dynamic_cert_mem_cache_size=8MB cert=/etc/squid/ssl/squid.pem key=/etc/squid/ssl/squid.key cipher=ECDHE-RSA-RC4-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:DHE-RSA-CAMELLIA128-SHA:AES128-SHA:RC4-SHA:HIGH:!aNULL:!MD5:!ADH
sslcrtd_program /usr/lib64/squid/ssl_crtd -s /var/lib/squid_ssl_db -M 8MB
sslcrtd_children 50 startup=5 idle=1
ssl_bump server-first all
ssl_bump none localhost
Then just set both HTTP and SSL proxy to the server and port 3128.
answered Jun 13 '14 at 21:22
user226231user226231
211
add a comment |
Here is now my ssl-bump rules are setup and it works without a problem:
http_port 3128
http_port 3129 intercept
https_port 3130 intercept ssl-bump connection-auth=off generate-host-certificates=on dynamic_cert_mem_cache_size=8MB cert=/etc/squid/ssl/squid.pem key=/etc/squid/ssl/squid.key cipher=ECDHE-RSA-RC4-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:DHE-RSA-CAMELLIA128-SHA:AES128-SHA:RC4-SHA:HIGH:!aNULL:!MD5:!ADH
sslcrtd_program /usr/lib64/squid/ssl_crtd -s /var/lib/squid_ssl_db -M 8MB
sslcrtd_children 50 startup=5 idle=1
ssl_bump server-first all
ssl_bump none localhost
Then just set both HTTP and SSL proxy to the server and port 3128.
answered Jun 13 '14 at 21:22
user226231user226231
211
Here is now my ssl-bump rules are setup and it works without a problem:
http_port 3128
http_port 3129 intercept
https_port 3130 intercept ssl-bump connection-auth=off generate-host-certificates=on dynamic_cert_mem_cache_size=8MB cert=/etc/squid/ssl/squid.pem key=/etc/squid/ssl/squid.key cipher=ECDHE-RSA-RC4-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:DHE-RSA-CAMELLIA128-SHA:AES128-SHA:RC4-SHA:HIGH:!aNULL:!MD5:!ADH
sslcrtd_program /usr/lib64/squid/ssl_crtd -s /var/lib/squid_ssl_db -M 8MB
sslcrtd_children 50 startup=5 idle=1
ssl_bump server-first all
ssl_bump none localhost
Then just set both HTTP and SSL proxy to the server and port 3128.
answered Jun 13 '14 at 21:22
user226231user226231
211
answered Jun 13 '14 at 21:22
user226231user226231
211
answered Jun 13 '14 at 21:22
user226231user226231
211
answered Jun 13 '14 at 21:22
user226231user226231
211
211
add a comment |
add a comment |
Thanks for contributing an answer to Server Fault!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f588823%2fhttps-on-squid-http-proxy-server%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
What is the base operating system that squid runs on..?? Meanwhile, I'd suggest you install webmin for easier view and configuration or if the purpose it to act as proxy server along with some enhanced features, pfsense will do better. Having said that, I found this by googling which may server you.
– AzkerM
Apr 14 '14 at 12:25
can you show your squid configuration?
– c4f4t0r
Apr 14 '14 at 12:54
My server runs on Debian 7. I'll try webmin ! And thanks for the link !
– maxime
Apr 16 '14 at 13:29