Re: [squid-users] Clarity on sending intercepted HTTPS traffic upstream to a cache_peer

2017-01-29 Thread Charlie Orford
On 28/01/2017 17:47, Alex Rousskov wrote: Our design goal is: intercept and bump local client https traffic on squid1 (so we can filter certain urls, cache content etc.) and then forward the request on to the origin server via an upstream squid2 (which has internet access). Understood. Squid c

Re: [squid-users] Clarity on sending intercepted HTTPS traffic upstream to a cache_peer

2017-01-28 Thread Alex Rousskov
On 01/27/2017 05:32 PM, Charlie Orford wrote:
> Obviously it makes no sense
> intercepting ssl traffic if we're going to splice everything.

It actually does make a lot of sense in many environments, but not necessarily yours.

> Our design goal is: intercept and bump local client https traffic on

Re: [squid-users] Clarity on sending intercepted HTTPS traffic upstream to a cache_peer

2017-01-27 Thread Amos Jeffries
On 28/01/2017 1:32 p.m., Charlie Orford wrote:
> On 27/01/2017 23:43, Alex Rousskov wrote:
>> On 01/27/2017 04:04 PM, Charlie Orford wrote:
>>> A post from another user on this list seems to suggest they successfully
>>> got squid to do what we want
>>> (http://lists.squid-cache.org/pipermail/squid

Re: [squid-users] Clarity on sending intercepted HTTPS traffic upstream to a cache_peer

2017-01-27 Thread Charlie Orford
On 27/01/2017 23:43, Alex Rousskov wrote: On 01/27/2017 04:04 PM, Charlie Orford wrote: A post from another user on this list seems to suggest they successfully got squid to do what we want (http://lists.squid-cache.org/pipermail/squid-users/2015-November/007955.html) but when emulating their se

Re: [squid-users] Clarity on sending intercepted HTTPS traffic upstream to a cache_peer

2017-01-27 Thread Alex Rousskov
On 01/27/2017 04:04 PM, Charlie Orford wrote:
> Clients get a SQUID_X509_V_ERR_DOMAIN_MISMATCH error (because the
> auto-generated cert squid1 gives to the client contains the domain of
> the cache_peer *not* the ultimate origin server).

Under normal circumstances, Squid should generate no certif

Re: [squid-users] Clarity on sending intercepted HTTPS traffic upstream to a cache_peer

2017-01-27 Thread Charlie Orford
To follow up: Adding ssl to the cache_peer directive on squid1 (and changing squid2 so it listens for connections on an https_port) gets us a little further but still doesn't work. Clients get a SQUID_X509_V_ERR_DOMAIN_MISMATCH error (because the auto-generated cert squid1 gives to the clien

[squid-users] Clarity on sending intercepted HTTPS traffic upstream to a cache_peer

2017-01-27 Thread Charlie Orford
Hi list

We're using squid 3.5.23 and trying to achieve the following:

client https request (not proxy aware) -> squid1 (https NAT intercept) -> upstream squid2 (configured as a cache_peer in squid1) -> origin server (e.g. www.google.com)

Amos mentioned in this thread http://lists.squid-cach