Yes, 3.4.x can't forward https. Upgrade to 3.5.x
10.11.15 15:08, Ahmad Alzaeem пишет:
Hi im using pfsense with cache peer
Squid version is 3.4.10
I have peer proxy on port 80 and I can use it with http and https
Now if I use pfsense in the middle and let pfsense go to remote proxy
(10.12.0.32 port 80 )
And I get internt from the pfsense proxy
I only have http websites working !!!
But https websites don’t work
Any help ?
Here is my pfsnese config :
# This file is automatically generated by pfSense
# Do not edit manually !
http_port 172.23.101.253:3128
icp_port 0
dns_v4_first on
pid_filename /var/run/squid/squid.pid
cache_effective_user proxy
cache_effective_group proxy
error_default_language en
icon_directory /usr/pbi/squid-amd64/local/etc/squid/icons
visible_hostname mne
cache_mgr aza...@mne.ps
access_log /var/squid/logs/access.log
cache_log /var/squid/logs/cache.log
cache_store_log none
netdb_filename /var/squid/logs/netdb.state
pinger_enable off
pinger_program /usr/pbi/squid-amd64/local/libexec/squid/pinger
logfile_rotate 2
debug_options rotate=2
shutdown_lifetime 3 seconds
# Allow local network(s) on interface(s)
acl localnet src 172.23.101.0/24
forwarded_for off
via off
httpd_suppress_version_string on
uri_whitespace strip
acl dynamic urlpath_regex cgi-bin ?
cache deny dynamic
cache_mem 64 MB
maximum_object_size_in_memory 256 KB
memory_replacement_policy heap GDSF
cache_replacement_policy heap LFUDA
minimum_object_size 0 KB
maximum_object_size 4 MB
cache_dir ufs /var/squid/cache 100 16 256
offline_mode off
cache_swap_low 90
cache_swap_high 95
cache allow all
# Add any of your own refresh_pattern entries above these.
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|?) 0 0% 0
refresh_pattern . 0 20% 4320
#Remote proxies
# Setup some default acls
# From 3.2 further configuration cleanups have been done to make
things easier and safer. The manager, localhost, and to_localhost ACL
definitions are now built-in.
# acl localhost src 127.0.0.1/32
acl allsrc src all
acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901 3128
3127 1025-65535
acl sslports port 443 563
# From 3.2 further configuration cleanups have been done to make
things easier and safer. The manager, localhost, and to_localhost ACL
definitions are now built-in.
#acl manager proto cache_object
acl purge method PURGE
acl connect method CONNECT
# Define protocols used for redirects
acl HTTP proto HTTP
acl HTTPS proto HTTPS
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !safeports
http_access deny CONNECT !sslports
# Always allow localhost connections
# From 3.2 further configuration cleanups have been done to make
things easier and safer.
# The manager, localhost, and to_localhost ACL definitions are now
built-in.
# http_access allow localhost
request_body_max_size 0 KB
delay_access 1 allow allsrc
# Reverse Proxy settings
# Custom options before auth
dns_nameservers 8.8.8.8 10.12.0.33
cache_peer 10.12.0.32 parent 80 0 no-query no-digest no-tproxy proxy-only
# Setup allowed acls
# Allow local network(s) on interface(s)
http_access allow localnet
# Default block all to be sure
http_access deny allsrc
cheers
_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
