[squid-users] Cache Proxy Configuration to let through SSL

From: Unterpaintner, Felix <Felix.Unterpaintner@dont-contact.us>
Date: Thu, 20 Sep 2007 10:05:42 +0200

Hi all.

I have searched for 2 days of work now and I cannot figure it out. Sorry if it is nonetheless in the FAQ or obvious.

I set up an Ubuntu 6.10 server and installed Squid and Dansguardian.
These two work fine together and HTTP traffic is no problem.

Because I want it to protect my network, I closed as many ports as possible and configured Squid in a way (I hope) to just allow HTTP traffic and HTTPS traffic.

Caching the HTTP traffic works fine.

But I cannot figure out how to tell Squid to just let through the HTTPS traffic. I don't need Squid to touch the data, re-encrypt it or anything else, as many others wanted Squid to.
Surfing normally on HTTP and HTTPS sites with a proxy and content filter (obviously not for HTTPS) would be great.

Is this possible?
Which port is to be given to the browser?
How do I open the required port on my server?
I don't run any other stuff on the server; can I take any (useless) stuff out of the .conf?

Here's my squid.conf:

# WELCOME TO SQUID 2.6.STABLE1
# ----------------------------

http_port 3128

icp_port 0
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY

acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
access_log /var/log/squid/access.log squid

cache_dir ufs /media/hdd1/squidcache

emulate_httpd_log on

hosts_file /etc/hosts

refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320

#Recommended minimum configuration:
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80
acl Safe_ports port 443
acl purge method PURGE
acl CONNECT method CONNECT

#Recommended minimum configuration:

http_access allow manager localhost
http_access deny manager
# Only allow purge requests from localhost
http_access allow purge localhost
http_access deny purge
# Deny requests to unknown ports
http_access deny !Safe_ports
# Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports

http_access allow localhost
http_access allow CONNECT SSL_ports
http_access allow Safe_ports
# And finally deny all other access to this proxy
http_access deny all

http_reply_access allow all
icp_access allow all
visible_hostname localhost
coredump_dir /var/spool/squid

Thanks for any help!

Kind regards,

Felix Unterpaintner
Received on Thu Sep 20 2007 - 02:05:54 MDT
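
Added example (not part of the original post and not Squid's own code): a small Python model of how Squid evaluates the http_access lines in the configuration above, top to bottom, with the first line whose ACLs all match deciding the request. The `Req` tuple, the helper names and the two client addresses are assumptions made for illustration.

```python
from collections import namedtuple

# Constructed request model: only the fields the posted ACLs inspect.
Req = namedtuple("Req", "src method proto port")

# ACL definitions copied from the posted squid.conf (to_localhost is used by no rule).
ACLS = {
    "all":        lambda r: True,
    "manager":    lambda r: r.proto == "cache_object",
    "localhost":  lambda r: r.src == "127.0.0.1",
    "SSL_ports":  lambda r: r.port == 443,
    "Safe_ports": lambda r: r.port in (80, 443),
    "purge":      lambda r: r.method == "PURGE",
    "CONNECT":    lambda r: r.method == "CONNECT",
}

# http_access lines in the order they appear in the posted squid.conf.
RULES = """\
allow manager localhost
deny manager
allow purge localhost
deny purge
deny !Safe_ports
deny CONNECT !SSL_ports
allow localhost
allow CONNECT SSL_ports
allow Safe_ports
deny all"""

def matches(term, req):
    # A leading "!" negates the named ACL.
    return not ACLS[term[1:]](req) if term.startswith("!") else ACLS[term](req)

def http_access(req):
    """Return (action, rule) for the first line whose ACLs all match (AND)."""
    for line in RULES.splitlines():
        action, *terms = line.split()
        if all(matches(t, req) for t in terms):
            return action, line
    # Not reached with a final "deny all"; Squid applies the opposite of the last action.
    return ("allow" if action == "deny" else "deny"), None

if __name__ == "__main__":
    # Constructed sample requests; 192.168.1.20 and 203.0.113.7 are made-up clients.
    for req in (Req("192.168.1.20", "CONNECT", None, 443),
                Req("192.168.1.20", "CONNECT", None, 80),
                Req("203.0.113.7", "GET", "http", 80),
                Req("203.0.113.7", "GET", "http", 8080)):
        print(req, "->", http_access(req))
```

In this model a CONNECT to port 443 arriving on http_port 3128 is allowed by "allow CONNECT SSL_ports", and because "allow Safe_ports" names no src ACL, the port-80 request from the constructed outside address is allowed as well.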
