HTTPS com squid como Proxy Filho

1. HTTPS com squid como Proxy Filho

victorsputnic
(usa Red Hat)

Enviado em 17/09/2013 - 16:52h

E ae pessoal, estou com problemas para abrir páginas https na minha rede.
Configurei um proxy filho em cima de um proxy central a fim de restringir mais o acesso.
Apliquei lista branca e as demais configurações padrões das portas SSL_ports e Safe_ports foram mantidas. Alguém pode me ajudar a resolver o caso?

#SQUID.CONF
http_port 3128
visible_hostname proxy-filho
cache_peer proxy.princial.local parent 2303 3130 no-query no-digest
cache_effective_user squid

cache_mem 596 MB
maximum_object_size_in_memory 512 KB
minimum_object_size 0 KB
maximum_object_size 500 MB

dns_nameservers 8.8.8.8
dns_nameservers 8.8.4.4
dns_nameservers 10.217.80.56

coredump_dir /usr/var/cache/squid

refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320

acl rede_local src 10.217.80.0/24

#BLOQUEIO DE STREAMING
acl audiovideo urlpath_regex -i "/usr/etc/audiovideo"
http_access deny all audiovideo
acl videoaudio rep_mime_type -i "/usr/etc/videoaudio"
http_reply_access deny all videoaudio

#ACLs
acl SSL_ports port 262 443 465 563 636 989 990
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, news
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl purge method PURGE
acl CONNECT method CONNECT
acl liberados url_regex -i "/usr/etc/sites_liberados"

#HTTP_ACCESS
http_access allow liberados
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager
http_access deny manager
http_access deny rede_local
http_access deny all

0 0

Quote