Pessoal,

Estou com proxy transparente via Squid que acessa
todas as paginas normalmente, porem https nao tem
jeito. Ja reinstalei o squid varias vezes com a  opção
ssl e nao obtive exito. Estou usando regras do PF para
nat.

rdr on $int_if inet proto tcp from any to any port www
-> 127.0.0.1 port 3128


Abaixo segue o squid.conf

http_port 3128

acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY

cache_replacement_policy heap GDSF

cache_dir diskd /squid 1000 16 256 Q1=72 Q2=64

cache_access_log /squid/logs/access.log

cache_log /squid/logs/cache.log

cache_store_log none

pid_filename /squid/logs/squid.pid

acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443 563     # https, snews
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT

acl clientes src 192.168.0.0/24
acl proibido-url url_regex -i
"/squid/bloqueados/proibido-url"
acl proibido-urlpath urlpath_regex -i
"/squid/bloqueados/proibido-urlpath"
acl proibido-dominios dstdom_regex -i
"/squid/bloqueados/proibido-dominios"


http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny proibido-url
http_access deny proibido-urlpath
http_access deny proibido-dominios
http_access allow clientes
http_access deny all

cache_effective_user squid

cache_effective_group squid

visible_hostname squid.netwlink.com.br

httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on

logfile_rotate 4

coredump_dir none

Agradeço a ajuda de vcs.

Gustavo


__________________________________________________
Converse com seus amigos em tempo real com o Yahoo! Messenger 
http://br.download.yahoo.com/messenger/ 

_______________________________________________
Freebsd mailing list
Freebsd@fug.com.br
http://mail.fug.com.br/mailman/listinfo/freebsd_fug.com.br

Responder a