Re: [squid-users] Forwarding HTTP and HTTPS Traffic to an Upstream Proxy using Cache_Peer on separate ports

2008-02-21 Thread Amos Jeffries

Ric Lonsdale wrote:

> Hi,
>
> I am testing a product called Finjan, which is a website
> anti-virus/malicious code checker that potentially blocks websites. I'm
> using Squid.2.6-STABLE-12 on an IBM x345 server, with RedHat ES3.0, and have
> configured the following fields to make the Finjan appliance a parent proxy
> to my Squid setup.


Aha. Excellent.
For the wiki: was there anything, even minor, needed to build squid 2.6 
on RH?


If you are looking at using this in production I'd advise going to 
stable 18 for better security.




> However, the Finjan appliance listens on port 8080 for standard HTTP
> traffic, but listens on 8443 for HTTPS (SSL) traffic, and squid returns the
> following error with this setup.
>
> FATAL: ERROR: cache_peer 10.198.1.2 specified twice
>
> Squid Cache (Version 2.6.STABLE12): Terminated abnormally.
> CPU Usage: 0.006 seconds = 0.001 user + 0.005 sys
> Maximum Resident Size: 0 KB
> Page faults with physical i/o: 0
> Aborted
>
> cache_peer 10.198.1.2 parent 8080 7 no-query
> cache_peer 10.198.1.2 parent 8443 7 no-query


They need unique name= for squid to tell them apart.

Thanks yourself.

Amos
--
Please use Squid 2.6STABLE17+ or 3.0STABLE1+
There are serious security advisories out on all earlier releases.


Re: [squid-users] Forwarding HTTP and HTTPS Traffic to an Upstream Proxy using Cache_Peer on separate ports

2008-02-20 Thread Tony Dodd
On Wed, 20 Feb 2008 19:57:45 -
"Ric Lonsdale" <[EMAIL PROTECTED]> wrote:

 
> However, the Finjan appliance listens on port 8080 for standard HTTP
> traffic, but listens on 8443 for HTTPS (SSL) traffic, and squid
> returns the following error with this setup.
> 
> FATAL: ERROR: cache_peer 10.198.1.2 specified twice

> cache_peer 10.198.1.2 parent 8080 7 no-query
> cache_peer 10.198.1.2 parent 8443 7 no-query
> acl httptraffic proto HTTP
> acl httpstraffic proto HTTPS
> http_access allow httptraffic
> http_access allow httpstraffic
> cache_peer_access 10.198.1.2 allow httptraffic 
> cache_peer_access 10.198.1.2 allow SSL_ports
> never_direct allow all
> 
> Is it possible to change the squid.conf settings to send HTTP and
> HTTPS requests to the same upstream Finjan appliance, but on separate
> ports?

You'll be wanting to do the following:

cache_peer 10.198.1.2 parent 8080 7 no-query name=finjanhttp
cache_peer 10.198.1.2 parent 8443 7 no-query name=finjanhttps

cache_peer_access finjanhttp allow httptraffic
cache_peer_access finjanhttps allow httpstraffic

hth
Tony
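
Added example (not part of either reply, and not Squid's own code): a small pre-deployment check that flags the "specified twice" condition discussed in this thread, plus cache_peer_access rules that no longer match any peer after name= is introduced. It assumes a peer is identified by its name= option, or by its hostname when name= is absent; the sample configurations are constructed from the ones quoted above.

```python
# Added example: lint squid.conf text for cache_peer naming problems.
# Assumption: a peer's identifier is its name= option, or its hostname if absent.

# Constructed samples based on the configurations quoted in this thread.
BROKEN = """\
cache_peer 10.198.1.2 parent 8080 7 no-query
cache_peer 10.198.1.2 parent 8443 7 no-query
cache_peer_access 10.198.1.2 allow httptraffic
"""
FIXED = """\
cache_peer 10.198.1.2 parent 8080 7 no-query name=finjanhttp
cache_peer 10.198.1.2 parent 8443 7 no-query name=finjanhttps
cache_peer_access finjanhttp allow httptraffic
cache_peer_access finjanhttps allow httpstraffic
"""
# Named peers, but one rule still uses the address, so it matches no peer.
STALE_RULE = FIXED.replace("cache_peer_access finjanhttps", "cache_peer_access 10.198.1.2")


def directives(conf):
    """Yield (line_number, tokens) for each non-empty, non-comment line."""
    for lineno, line in enumerate(conf.splitlines(), 1):
        tokens = line.split("#", 1)[0].split()
        if tokens:
            yield lineno, tokens


def lint(conf):
    """Return a list of findings (strings); an empty list means no problems."""
    findings, peers = [], {}  # peers: identifier -> line where first defined
    for lineno, tok in directives(conf):
        # cache_peer <host> <type> <http-port> <icp-port> [options...]
        if tok[0] == "cache_peer" and len(tok) >= 5:
            ident = next((t[5:] for t in tok[5:] if t.startswith("name=")), tok[1])
            if ident in peers:
                findings.append(f"line {lineno}: cache_peer {ident} specified twice "
                                f"(first on line {peers[ident]}); add a unique name=")
            peers.setdefault(ident, lineno)
    for lineno, tok in directives(conf):
        if tok[0] == "cache_peer_access" and len(tok) >= 2 and tok[1] not in peers:
            findings.append(f"line {lineno}: cache_peer_access names unknown peer {tok[1]}")
    return findings


if __name__ == "__main__":
    for label, conf in (("broken", BROKEN), ("fixed", FIXED), ("stale rule", STALE_RULE)):
        print(label, lint(conf) or "ok")
```

The stale-rule case is the one worth catching before a restart: the file parses, but the access rule is bound to no peer, so the intended split of traffic between the two ports is not enforced by that line.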