I am trying to have a setup where Squid is going to act as a transparent forward proxy, with caching enabled. I am leaning on a setup like here: https://aws.amazon.com/blogs/security/how-to-add-dns-filtering-to-your-nat-instance-with-squid/ (though I've tried a few similar ones as well).
The requirement is to have a transparent caching proxy on AWS that will be used to reduce the traffic that is being pulled from a remote company (the data is being pulled on a schedule, while there are not many changes that often). This traffic causes additional cost, and caching that on our proxy on AWS could help us out a lot.

The issue I have is, when I configure everything, the test server that is going through the proxy is not actually caching anything, while if I try a test from the proxy itself (using squidclient) it does. So when the test server goes for a picture I have stored somewhere in the cloud, the squid access log shows "TCP_TUNNEL/200". But when I try from the proxy itself with the squidclient tool, I get "TCP_MEM_HIT/200" (the first time it was MISS, before it was cached), so caching works properly - I even see the new folder being created for the cached content.

I have the rerouting rules added to iptables, source and destination check is disabled (AWS setup), and overall, traffic is going as it should. I assume I need to make some changes in the configuration, as that part is where I had to copy most of the stuff, and have the least experience with.
I've generated the certificate as per the doc, and my config is mostly the same as the one there (note, I have tried with multiple changes to this config, without success):

    visible_hostname squid
    cache_dir ufs /squid/cache 10000 16 256

    # Handle HTTP requests
    http_port 3128
    http_port 3129 intercept
    acl allowed_http_sites dstdomain .amazonaws.com
    http_access allow allowed_http_sites

    # Handle HTTPS requests
    https_port 3130 cert=/etc/squid/ssl/squid.pem ssl-bump intercept
    acl SSL_port port 443
    http_access allow SSL_port
    acl allowed_https_sites ssl::server_name .amazonaws.com
    acl step1 at_step SslBump1
    acl step2 at_step SslBump2
    acl step3 at_step SslBump3
    ssl_bump peek step1 all
    ssl_bump peek step2 allowed_https_sites
    ssl_bump splice step3 allowed_https_sites
    ssl_bump terminate step3 all

    http_access deny all

The cert and everything else is generated as per the guide (and a few guides are very similar here when it comes to this part). The whitelisting works, mostly everything else works too, so the only thing missing is squid not caching things that are requested by the test server and is instead only passing it through.

Any idea what configuration changes I need in order to fix this? I guess I am doing something wrong with ssl bump.

Thanks!
_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
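
An added example, not part of the original post: a Python tally of Squid result codes per client, which shows from access.log which clients only ever produce TCP_TUNNEL entries and how many bytes passed through uncached. The log lines are constructed samples that assume Squid's default native log format; the IP addresses and URL are placeholders.

```python
from collections import Counter, defaultdict

# Constructed sample in Squid's default native access.log format:
# time elapsed client code/status bytes method URL user hierarchy type
SAMPLE_LOG = """\
1700000000.101    212 127.0.0.1 TCP_MISS/200 20480 GET http://bucket.example.amazonaws.com/picture.jpg - HIER_DIRECT/192.0.2.10 image/jpeg
1700000005.442      0 127.0.0.1 TCP_MEM_HIT/200 20488 GET http://bucket.example.amazonaws.com/picture.jpg - HIER_NONE/- image/jpeg
1700000030.870    305 10.0.1.25 TCP_TUNNEL/200 21544 CONNECT 192.0.2.10:443 - ORIGINAL_DST/192.0.2.10 -
1700000090.113    298 10.0.1.25 TCP_TUNNEL/200 21544 CONNECT 192.0.2.10:443 - ORIGINAL_DST/192.0.2.10 -
this line is truncated
"""

def classify(result_code):
    """Map a Squid result code to a coarse caching outcome."""
    if result_code.startswith("TCP_TUNNEL"):
        return "tunnel"  # bytes relayed opaquely; Squid never saw the response
    if "HIT" in result_code or "REFRESH_UNMODIFIED" in result_code:
        return "hit"
    if "MISS" in result_code or "REFRESH_MODIFIED" in result_code:
        return "miss"
    if "DENIED" in result_code:
        return "denied"
    return "other"

def summarize(log_text):
    """Return (requests, bytes_sent, skipped), keyed by client IP then outcome."""
    requests, bytes_sent, skipped = defaultdict(Counter), defaultdict(Counter), 0
    for line in log_text.splitlines():
        fields = line.split()
        if not fields:
            continue
        try:
            client, code_status, size = fields[2], fields[3], int(fields[4])
            code, _status = code_status.split("/", 1)
        except (IndexError, ValueError):
            skipped += 1  # malformed or truncated line
            continue
        outcome = classify(code)
        requests[client][outcome] += 1
        bytes_sent[client][outcome] += size
    return requests, bytes_sent, skipped

def tunnel_only_clients(requests):
    """Clients whose every logged request was tunneled (nothing cacheable)."""
    return sorted(c for c, n in requests.items() if set(n) == {"tunnel"})

if __name__ == "__main__":
    reqs, sent, bad = summarize(SAMPLE_LOG)
    print(dict(reqs), dict(sent), tunnel_only_clients(reqs), bad)
```
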