Hello,yes I have full control of all three proxies, both local proxies and remote proxy; and in my LAN I use static IP addresses;
cache_peer_access remote-proxy allow remote-domains <-- this is neccessary because a few domains
have geo location restrictions which are bypassed
with this
cache_peer_access remote-proxy allow tv-device <-- but this sends
anything from the TV there,
even requests that should be blocked ...
(selective doesn't work)
the proxy that is used by the clients is a squid 3.1.23, the one that is
remote is a 3.4.14 and the local parent proxy is a 3.5.20
Thanks, Walter On 28.11.2016 04:40, Eliezer Croitoru wrote:
A question that will simplify things: Are you full in control of the remote and the local proxy? If so you can create a tunnel from the local gateway to the remote squid and pass the web traffic in the routing level. This way you would be able to intercept port 80 on the remote proxy and if required also BUMP the ip addresses you want. If you have static IP addresses you would probably be able to decide which of the clients you will bump or not. I think that TV in general in the form I know of needs filtering since not everything there you will want anyone to see. But again maybe in your area TV is something else then in mine. If you need more help let me know. Eliezer ---- Eliezer Croitoru Linux System Administrator Mobile: +972-5-28704261 Email: elie...@ngtech.co.il -----Original Message----- From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] On Behalf Of Walter H. Sent: Sunday, November 27, 2016 19:17 To: squid-users@lists.squid-cache.org Subject: [squid-users] Hint for howto wanted ... Hello, I've got a special problem ... I have several devices in my LAN: - PCs, Notebooks - a Tablet-PC - a Smartphone - a Television on my LAN I've two squids as VMs on my PC (both are CentOS 6) I also have a virtual server (a CentOS 6, too) at a webhoster in a different country, which I have configured as a proxy (squid) only for me besides the web service; /etc/squid/squid.conf of the main proxy, which is used as proxy by the clients has this ... acl tv-device src ip-of-tv cache_peer parentproxy.local parent 3128 0 name=local-proxy proxy-only no-digest default cache_peer virtualserver-at-webhoster parent 3128 0 name=remote-proxy proxy-only no-digest acl remote-domains dstdomain "/etc/squid/remote-domains-acl.squid" cache_peer_access remote-proxy allow remote-domains cache_peer_access remote-proxy allow tv-device cache_peer_access remote-proxy deny all cache_peer_access local-proxy allow !tv-device this proxy and the one at the webhoster don't do SSL-bump, only the parent proxy does ... at the moment only the parentproxy.local does filtering and blocks unwandted IPs, hosts, ... what is the easiest way to do smart filtering for the tv-device, as this doesn't use parentproxy.local at all ... do I really have to do smart filtering on both, the one at the hoster (plus SSL bump) and the parentproxy that already does? Thanks, Walter
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
