Good day. In our company Internet access is allowed only through a proxy....
We need to give Internet access to various devices (mobile devices, guest devices, smart TVs) on which a proxy cannot be configured. For this we bought a router and set up a transparent proxy (squid 2.6) and NAT for ports 80 and 443.
HTTP works, HTTPS does not; the parent proxy returns messages like this:
trying to retrieve the URL: https://code.google.com/p/ifmo-game-1/wiki/UsingSVN
The following error was encountered:
Unsupported Request Method and Protocol
Squid does not support all request methods for all access protocols. For example, you can not POST a Gopher request.
Can anything be done on the transparent proxy side to solve this problem?
Diagram:
<pre>/------------\
\------------/|-----------|
client | wifi.|
| router |
/----------\| |
/ squid. | |
< transparent| |
\proxy. | |/-----\
\----------/|___________|\-----/ parent proxy
</pre>
> [overquoting removed]
> /----------\|
> |
> / squid. |
> |
> < transparent|
> |
> \proxy. |
> |/-----\
> \----------/|___________|\-----/ parent proxy
> </pre>
The source of the problem has been identified: on the "parent proxy" only CONNECT is allowed for SSL.
How can HTTPS GET/POST be wrapped in CONNECT the way a browser does it?
There is no way. HTTPS through a transparent proxy has never worked and never will.
> There is no way. HTTPS through a transparent proxy has never worked and never will.
On startup it prints:
# /opt/squid/sbin/squid -d 9 -f /opt/squid/etc/squid.conf
2014/06/04 16:54:00| SECURITY NOTICE: auto-converting deprecated "ssl_bump allow <acl>" to "ssl_bump client-first <acl>" which is usually inferior to the newer server-first bumping mode. Update your ssl_bump rules.
2014/06/04 16:54:00| WARNING: auto-converting deprecated implicit "ssl_bump deny all" to "ssl_bump none all". New ssl_bump configurations must not use implicit rules. Update your ssl_bump rules.
2014/06/04 16:54:00| WARNING: auto-converting deprecated "ssl_bump deny <acl>" to "ssl_bump none <acl>". Update your ssl_bump rules.
root@ubuntu:/opt/squid/ssl_cert# 2014/06/04 16:54:00 kid1| SECURITY NOTICE: auto-converting deprecated "ssl_bump allow <acl>" to "ssl_bump client-first <acl>" which is usually inferior to the newer server-first bumping mode. Update your ssl_bump rules.
2014/06/04 16:54:00 kid1| WARNING: auto-converting deprecated implicit "ssl_bump deny all" to "ssl_bump none all". New ssl_bump configurations must not use implicit rules. Update your ssl_bump rules.
2014/06/04 16:54:00 kid1| WARNING: auto-converting deprecated "ssl_bump deny <acl>" to "ssl_bump none <acl>". Update your ssl_bump rules.
2014/06/04 16:54:00 kid1| Set Current Directory to /opt/squid/var/cache/squid
2014/06/04 16:54:00 kid1| Starting Squid Cache version 3.4.4-20140414-r13119 for x86_64-unknown-linux-gnu...
2014/06/04 16:54:00 kid1| Process ID 8590
2014/06/04 16:54:00 kid1| Process Roles: worker
2014/06/04 16:54:00 kid1| With 1024 file descriptors available
2014/06/04 16:54:00 kid1| Initializing IP Cache...
2014/06/04 16:54:00 kid1| DNS Socket created at [::], FD 7
2014/06/04 16:54:00 kid1| DNS Socket created at 0.0.0.0, FD 8
2014/06/04 16:54:00 kid1| Adding nameserver 172.20.1.23 from squid.conf
2014/06/04 16:54:00 kid1| Adding nameserver 172.20.1.24 from squid.conf
2014/06/04 16:54:00 kid1| helperOpenServers: Starting 5/5 'ssl_crtd' processes
2014/06/04 16:54:01 kid1| Logfile: opening log daemon:/opt/squid/var/logs/access.log
2014/06/04 16:54:01 kid1| Logfile Daemon: opening log /opt/squid/var/logs/access.log
2014/06/04 16:54:01 kid1| Unlinkd pipe opened on FD 24
2014/06/04 16:54:01 kid1| Store logging disabled
2014/06/04 16:54:01 kid1| Swap maxSize 102400 + 262144 KB, estimated 28041 objects
2014/06/04 16:54:01 kid1| Target number of buckets: 1402
2014/06/04 16:54:01 kid1| Using 8192 Store buckets
2014/06/04 16:54:01 kid1| Max Mem size: 262144 KB
2014/06/04 16:54:01 kid1| Max Swap size: 102400 KB
2014/06/04 16:54:01 kid1| Rebuilding storage in /opt/squid/var/cache/squid (no log)
2014/06/04 16:54:01 kid1| Using Least Load store dir selection
2014/06/04 16:54:01 kid1| Set Current Directory to /opt/squid/var/cache/squid
2014/06/04 16:54:01 kid1| Finished loading MIME types and icons.
2014/06/04 16:54:01 kid1| HTCP Disabled.
2014/06/04 16:54:01 kid1| Configuring Parent 172.20.200.124/80/3130
2014/06/04 16:54:01 kid1| Squid plugin modules loaded: 0
2014/06/04 16:54:01 kid1| Accepting HTTP Socket connections at local=127.0.0.1:80 remote=[::] FD 26 flags=9
2014/06/04 16:54:01 kid1| Accepting TPROXY intercepted HTTP Socket connections at local=192.168.1.220:3128 remote=[::] FD 27 flags=25
2014/06/04 16:54:01 kid1| Accepting TPROXY intercepted SSL bumped HTTPS Socket connections at local=192.168.1.220:3129 remote=[::] FD 28 flags=25
2014/06/04 16:54:01 kid1| Done scanning /opt/squid/var/cache/squid dir (0 entries)
2014/06/04 16:54:01 kid1| Finished rebuilding storage from disk.
2014/06/04 16:54:01 kid1| 0 Entries scanned
2014/06/04 16:54:01 kid1| 0 Invalid entries.
2014/06/04 16:54:01 kid1| 0 With invalid flags.
2014/06/04 16:54:01 kid1| 0 Objects loaded.
2014/06/04 16:54:01 kid1| 0 Objects expired.
2014/06/04 16:54:01 kid1| 0 Objects cancelled.
2014/06/04 16:54:01 kid1| 0 Duplicate URLs purged.
2014/06/04 16:54:01 kid1| 0 Swapfile clashes avoided.
2014/06/04 16:54:01 kid1| Took 0.40 seconds ( 0.00 objects/sec).
2014/06/04 16:54:01 kid1| Beginning Validation Procedure
2014/06/04 16:54:01 kid1| Completed Validation Procedure
2014/06/04 16:54:01 kid1| Validated 0 Entries
2014/06/04 16:54:01 kid1| store_swap_size = 0.00 KB
2014/06/04 16:54:02 kid1| storeLateRelease: released 0 objects
When trying to connect:
telnet 192.168.1.220 3128
Trying 192.168.1.220...
Connected to 192.168.1.220.
Escape character is '^]'.
Connection closed by foreign host.
# netstat -an|grep 3128
tcp 0 0 192.168.1.220:3128 0.0.0.0:* LISTEN
What is this for? :)
>> There is no way. HTTPS through a transparent proxy has never worked and never will.
> On startup it prints: