Page 1 of 2 12 LastLast
Results 1 to 10 of 18

Thread: enable ssl on squid3

  1. #1
    Join Date
    Nov 2010
    Beans
    54

    enable ssl on squid3

    i tray to enable ssl on squid but its didnt work !!!!
    how to compile it right ?

  2. #2
    Join Date
    Mar 2013
    Beans
    27

    Re: enable ssl on squid3

    Are your proxy transparent? If you use transparent proxy you can't work with ssl anyway.

  3. #3
    Join Date
    Nov 2010
    Beans
    54

    Re: enable ssl on squid3

    ok .
    how to make it work ?

  4. #4
    Join Date
    Mar 2013
    Beans
    27

    Re: enable ssl on squid3

    What are you mean about work? You can't open https-sites or deсrypt content?
    You can't decrypt https content anyway, it's impossible, if proxy is transparent. Is proxy transparent?

  5. #5
    Join Date
    Nov 2010
    Beans
    54

    Re: enable ssl on squid3

    yes its transparent
    what i need it from enabling ssl on squid to filter https sites not to decrypt it

  6. #6
    Join Date
    Mar 2013
    Beans
    27

    Re: enable ssl on squid3

    Before client get ssl-certificate, he must connect to server without encryption, squid must see that. You need to check squid options for port 443, squid must listen it. Or redirect port 443 to squid port.
    I can't tell more accurately, I have no suid now.

  7. #7
    Join Date
    Nov 2008
    Location
    Metro Boston
    Beans
    8,527
    Distro
    Kubuntu 14.04 Trusty Tahr

    Re: enable ssl on squid3

    You need to read this: http://wiki.squid-cache.org/Features/SslBump

    Squid 3.3 is supposed to support transparent HTTPS proxying. You'll still need to generate a certificate for the proxy and distribute it to all your users' browsers. Implementing this is very complex. I'm going to start testing 3.3 for one of my clients in the next couple of weeks.

    Right now we block HTTPS requests with iptables, but that requires knowing the IP addresses for all the hosts/subnets you wish to block. In some cases that requires many, many rules. Here is the list of addresses required just to block Facebook.
    If you ask for help, please have the courtesy to check for responses and thank the people who helped you.

    Blog · Linode System Administration Guides · Android Apps for Ubuntu Users

  8. #8
    Join Date
    Mar 2013
    Beans
    27

    Re: enable ssl on squid3

    Very intresting news. Please, tell results after testing. Thanks.

  9. #9
    Join Date
    Nov 2010
    Beans
    54

    Re: enable ssl on squid3

    Quote Originally Posted by Vitsliputsli View Post
    Before client get ssl-certificate, he must connect to server without encryption, squid must see that. You need to check squid options for port 443, squid must listen it. Or redirect port 443 to squid port.
    I can't tell more accurately, I have no suid now.


    i done redirect 443 port to 3130 on squid but its still give me errors

  10. #10
    Join Date
    Nov 2010
    Beans
    54

    Re: enable ssl on squid3

    Quote Originally Posted by SeijiSensei View Post
    You need to read this: http://wiki.squid-cache.org/Features/SslBump

    Squid 3.3 is supposed to support transparent HTTPS proxying. You'll still need to generate a certificate for the proxy and distribute it to all your users' browsers. Implementing this is very complex. I'm going to start testing 3.3 for one of my clients in the next couple of weeks.

    Right now we block HTTPS requests with iptables, but that requires knowing the IP addresses for all the hosts/subnets you wish to block. In some cases that requires many, many rules. Here is the list of addresses required just to block Facebook.

    i had many issue with compail squid and i cant use its by compailing it , can you give me the way to compail it right on server 12.04?

Page 1 of 2 12 LastLast

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •