Sorry for my bad English. I want to make an anonymous HTTPS and HTTP proxy that passes through any requests without decrypting or changing them, only changing the IP address from the client IP to my server's IP address, and I want to define the IP addresses of the websites I want to access from my client in /etc/hosts. So I tried to install Squid on my server, and I had a good experience when I set the proxy on the client to the server IP and port 3128: I can access HTTP and HTTPS behind this proxy. But when I try using /etc/hosts, I cannot access HTTPS websites. I have tried installing Squid many times with every set of install instructions I found by googling. I have a server running CentOS 7 with one valid Internet IP address.
To explain more of what I want to do: I need my Squid to work like this IP, 173.161.0.227. When I add *173.161.0.227 www.iplocation.net* to my client's /etc/hosts, I can browse https://www.iplocation.net, which tells me my client IP address is 173.161.0.227. I want my proxy server to do the same as 173.161.0.227.

*My problem now, with the config below, is:* when I define *216.55.x.x www.iplocation.net* in /etc/hosts on my client, I cannot access https://www.iplocation.net; it hangs on connecting and then gives me a timeout error. I would appreciate help resolving this problem. I asked about it before at http://serverfault.com/questions/805413/squid-with-iptables-bypass-https but I could not resolve it.

*My iptables config is:*

iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-port 3130

*My squid config is:*

acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src fc00::/7 # RFC 4193 local private network range
acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
acl localnet src 127.0.0.1
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access allow !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access allow manager
http_access allow localnet
http_access allow localhost
http_access allow all
http_port 3128
http_port 80
http_port 0.0.0.0:3129 ssl-bump cert=/etc/squid/ssl_cert/myCA.pem generate-host-certificates=on dynamic_cert_mem_cache_size=4MB
https_port 0.0.0.0:3130 ssl-bump intercept cert=/etc/squid/ssl_cert/myCA.pem generate-host-certificates=on dynamic_cert_mem_cache_size=4MB
sslproxy_cert_error allow all
sslproxy_flags DONT_VERIFY_PEER
cache_dir ufs /var/cache/squid 100 16 256
coredump_dir /var/cache/squid
sslcrtd_program /usr/lib64/squid/ssl_crtd -s /var/squid/ssl_db -M 4MB
sslcrtd_children 50 startup=1 idle=1
sslproxy_cert_error allow all
sslproxy_flags DONT_VERIFY_PEER
ssl_bump peek all
ssl_bump splice all
ssl_bump bump all
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
forwarded_for delete

On Tue, Oct 4, 2016 at 4:44 PM, Antony Stone <antony.st...@squid.open.source.it> wrote:

> On Tuesday 04 October 2016 at 14:51:13, Mehdi Yeganeh wrote:
>
> > Thanks for quick reply,
> > I need to use my server, I configure my IP address in some software like
> > antivirus and ...
>
> ... and what?
>
> I do not understand what antivirus software has to do with our discussion.
> Please give details, don't just write "...".
>
> > So, I want all of that working
>
> All of what?
>
> > with my server IP address and for this reason I cannot use torproxy or
> > torproject. I need a proxy server (squid) on my server
>
> In that case install Squid on your server. What is the problem?
>
> > More details about 173.161.0.227:
> > It's a Sophos web appliance that uses squid on Debian and uses some other
> > proxy software (Astaro HttpProxy) with squid and
> > iptables for forwarding ports. But I can't find the other proxy software
> > for download. So, I just have squid alone (although iptables is present)
>
> Okay, so I understand that the machine on that IP address (which appears to be
> serving Pennoyer School in Illinois, with connectivity provided by Comcast) is
> a "Sophos web appliance" - some sort of combined firewall / proxy / port
> forwarder.
>
> What is the relevance of that machine to your question?
>
> > Please tell me: should I use other tools, or can squid do it?
>
> Do what?
>
> Please explain exactly what it is you are trying to achieve, and hoping that
> Squid is a solution for.
>
>
> Regards,
>
>
> Antony.
>
> --
> Police have found a cartoonist dead in his house. They say that details are
> currently sketchy.
>
> Please reply to the list;
> please *don't* CC me.
> _______________________________________________
> squid-users mailing list
> squid-users@lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users