ProxHTTPSProxyMII: Reloaded
|
May. 08, 2018, 09:45 AM
(This post was last modified: May. 09, 2018 09:24 AM by ryszardzonk.)
Post: #206
|
|||
|
|||
RE: ProxHTTPSProxyMII: Reloaded
Hi
I am redirecting all HTTP/S traffic to squid for caching Code: iptables -t nat -A PREROUTING -i ${INT_IF} -p tcp -s 192.168.101.0/24 ! -d 192.168.101.0/24 --dport 80 -j REDIRECT --to-port 8080 which than I am receiving in squid for transparent caching separately for http & https traffic Code: http_port 192.168.101.101:8080 intercept All that is forwarded to privoxy for filtering where as privoxy does not handle ssl traffic is filtered only for http sites Code: cache_peer 127.0.0.1 parent 3128 0 no-query no-digest What I am planning to do is to separate traffic for http & https Code: acl ACL_HTTP proto HTTP Way I see it that from squid I send https traffic to ProxHTTPSProxyMII which sends it to privoxy for filtering and gets it back from privoxy to send to actual server. Is this correct approach and if it is how do I configure privoxy for it. So far I have rather simple configuration which does not differentiate between front and rear server Code: ... My question is do I need to edit privoxy config to listen on more than port 3128 or do I need to simply edit config.ini from ProxHTTPSProxyMII into this? Code: ProxAddr = http://localhost:3128 EDIT: It turned out that to use squid for ssl parent proxy I had to add option "ssl" to that proxy otherwise squid would fail with Code: 2018/05/09 07:50:44 kid1| assertion failed: PeerConnector.cc:116: "peer->use_ssl" cache_peer 127.0.0.1 parent 3129 0 name=https_peer ssl no-query no-digest instead of cache_peer 127.0.0.1 parent 3129 0 name=https_peer no-query no-digest |
|||
« Next Oldest | Next Newest »
|