Hello Alex,

Our setup is as follows:

Clients -> squid proxy -> internet.
This works with the config as previously mentioned.

Clients -> squid proxy (with cache_peer) -> Parent Proxy (not Squid) -> internet

Does not work.

However, I've also set up the following:

Clients -> Squid Proxy (with cache_peer) -> Parent Proxy (Squid Proxy) -> 
internet

This seems at least to work for http traffic, however, I don't see any HTTPS 
traffic coming into the Parent Proxy (Squid).

Now this morning I will do some more tcpdumping to see where that traffic is 
going, but maybe you can already shed some light on this?


Kind regards,

-----Original message-----
From: Alex Rousskov [mailto:[email protected]]
Sent: Thursday, 1 June 2017 18:49
To: Madonna, A. (spir-it) <[email protected]>; 
[email protected]
Subject: Re: [squid-users] squid proxy 3.5 redhat 7.3

On 06/01/2017 10:09 AM, Madonna, A. (spir-it) wrote:
> can we use ssl_bump to intercept https traffic with a parent proxy 
> (cache_peer).

IIRC, you may be able to use limited SslBump features, but not the full SslBump 
functionality: Peeking or staring at the origin server through a cache_peer is 
not supported (yet).


> ssl_bump peek step1
> cache_peer ... parent 8080 0 no-query no-netdb-exchange no-digest

Bugs notwithstanding, the above combination should work because peeking at 
step1 does not require communication with a cache_peer and splicing at step2 
should follow the regular (non-SslBump) tunneling path for CONNECTs, where 
modern Squids do support cache peers.


I recommend that you make everything work without a cache_peer and then add a 
cache_peer.

Alex.


_______________________________________________
squid-users mailing list
[email protected]
http://lists.squid-cache.org/listinfo/squid-users
