Configuring SSL in Squid: the procedure excerpted from the official site. Original source: https://wiki.squid-cache.org/Features/SslBump

Squid Configuration

Here is a sample squid.conf excerpt with SSL Bump-related options:


Enabling SSL Bump

Example of how to configure the HTTP port to bump CONNECT requests:

http_port 3128 ssl-bump cert=/usr/local/squid3/etc/site_priv+pub.pem

# Bumped requests have relative URLs so Squid has to use reverse proxy
# or accelerator code. By default, that code denies direct forwarding.
# The need for this option may disappear in the future.
always_direct allow all


Access Controls

The ssl_bump directive is used to prevent some requests from being bumped.

Example of how to avoid bumping requests to sites that Squid-3.1 or Squid-3.2 cannot proxy well:

acl broken_sites dstdomain .example.com
ssl_bump deny broken_sites
ssl_bump allow all

The ssl_bump directive in Squid-3.3 has been updated to select between several bumping algorithms. The above rules are now configured like this:

acl broken_sites dstdomain .example.com
ssl_bump none broken_sites
ssl_bump client-first all
  • However, Squid-3.3 and later provide the server-first algorithm, which can be used in place of client-first in the above rules and is better for bumping HTTPS, as it avoids the problems below.
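
The syntax change described above can be applied mechanically when upgrading a configuration. The following is an added example, not part of the original wiki text or of Squid itself: a small Python helper (the name `migrate_ssl_bump` and the wording of its notes are assumptions of this example) that rewrites Squid-3.1/3.2 `ssl_bump allow|deny` rules into the Squid-3.3 form and reports rules that have no bumping port.

```python
import re

ALGORITHMS = ("client-first", "server-first")  # Squid-3.3 names from the page

def migrate_ssl_bump(conf_text, algorithm="server-first"):
    """Rewrite Squid-3.1/3.2 'ssl_bump allow|deny' rules in Squid-3.3 syntax.

    Returns (new_text, notes). 'deny' becomes 'none'; 'allow' becomes the
    chosen bumping algorithm. All other lines pass through unchanged.
    """
    if algorithm not in ALGORITHMS:
        raise ValueError(f"unknown bumping algorithm: {algorithm}")
    out, notes = [], []
    bump_port = has_rules = False
    for n, line in enumerate(conf_text.splitlines(), 1):
        words = line.split("#", 1)[0].split()  # ignore trailing comments
        if words[:1] == ["http_port"] and "ssl-bump" in words[1:]:
            bump_port = True
        elif words[:1] == ["ssl_bump"] and len(words) >= 2:
            has_rules = True
            action = words[1]
            if action in ("allow", "deny"):
                new = "none" if action == "deny" else algorithm
                line = re.sub(r"^(\s*ssl_bump\s+)" + action + r"\b",
                              r"\g<1>" + new, line)
                notes.append(f"line {n}: '{action}' rewritten as '{new}'")
            elif action == "client-first" and algorithm == "server-first":
                notes.append(f"line {n}: client-first kept; server-first is available")
        out.append(line)
    if has_rules and not bump_port:
        notes.append("ssl_bump rules present but no http_port has ssl-bump")
    return "\n".join(out) + "\n", notes

# Constructed sample input: the page's Squid-3.1/3.2 rules with its http_port line.
LEGACY_CONF = """\
http_port 3128 ssl-bump cert=/usr/local/squid3/etc/site_priv+pub.pem
always_direct allow all
acl broken_sites dstdomain .example.com
ssl_bump deny broken_sites
ssl_bump allow all
"""

if __name__ == "__main__":
    text, notes = migrate_ssl_bump(LEGACY_CONF)
    print(text, end="")
    for note in notes:
        print("#", note)
```

Passing `algorithm="client-first"` reproduces the Squid-3.3 rules shown above exactly; the default produces the server-first variant.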

