SSL是否与父代理一起工作? squid和pf是这样设置的:
squid.conf :
http_port 3128 intercept https_port 3129 intercept ssl-bump generate-host-certificates=on key=/usr/local/etc/squid/ssl/squid.key cert=/usr/local/etc/squid/ssl/squid.pem sslproxy_flags DONT_VERIFY_PEER sslproxy_cert_error allow all ssl_bump client-first none ssl_bump server-first all cache_peer proxy.office.com parent 8080 0 login=user:password
pf.conf
rdr pass on lo0 proto tcp from any to any port 80 -> 127.0.0.1 port 3128 rdr pass on lo0 proto tcp from any to any port 443 -> 127.0.0.1 port 3129 pass out on en0 route-to lo0 inet proto tcp from any to any port 80 keep state pass out on en0 route-to lo0 inet proto tcp from any to any port 443 keep state
squid版本:
Squid Cache: Version 3.2.9 configure options: '--disable-debug' '--disable-dependency-tracking' '--prefix=/usr/local/Cellar/squid/3.2.9' '--localstatedir=/usr/local/var' '--enable-ssl' '--enable-ssl-crtd' '--disable-eui' '--enable-ipfw-transparent' 'CC=cc' 'CXX=c++' 'PKG_CONFIG_LIBDIR=/usr/lib/pkgconfig:/usr/local/Library/ENV/pkgconfig/10.8'
一切工作正常的HTTP但HTTPS连接提高1372080519.323 0 172.17.244.135 NONE/400 3998 NONE error:invalid-request - HIER_NONE/- text/html在cache.log 。 父代理如果在浏览器中设置为HTTPS代理,则可以工作。
那里需要3条线:
http_port 3128 http_port 3129 intercept https_port 3130 intercept ssl-bump...
将浏览器HTTP和SSL代理指向3128,它应该可以工作。 任何时候,它获得一个安全的连接请求,它下降到3130为https。 没有其他的防火墙条目需要,因为它是所有内部与鱿鱼。