How to let HTTPS traffic through an HTTP proxy?



  • I have 3 VMs.

    • 192.168.200.1 - pfSense (with 3 NICs: 1 WAN, 2 LAN (Lan, OthersRoute))
    • 192.168.200.33 - debian (using clash as HTTP proxy server)
    • 192.168.200.32 - centos (client machine)

    Other Info.

    • clash on debian, HTTP proxy listening port: 7890.
    • I start Squid service on my pfSense, and I checked Transparent HTTP Proxy option.
    • I add 2 custom options to squid.
      • cache_peer 192.168.200.33 parent 7890 0 no-query
      • never_direct allow all

    Commands run on centos (client machine):

    curl -x 192.168.200.33:7890 -v https://www.google.com works fine.

    curl -x 192.168.200.1:3128 -v https://www.google.com works fine.

    curl http://www.google.com works fine.

    curl https://www.google.com times out.

    My Question

    How can HTTPS requests be transparently proxied to 192.168.200.1:3128 / 192.168.200.33:7890,
    just like curl -x 192.168.200.1:3128 does?

    More Info

    Enable SSL filtering

    I tried checking the Enable SSL filtering option.

    1. I created a cert in System / Cert. Manager
    2. SSL/MITM Mode: Splice All
    3. SquidGuard target rules: all
    4. It doesn't work.

    Port Forward

    1. Generated rule: rdr on em1 proto tcp from 192.168.200.0/24 to any port 443 -> 192.168.200.1 port 3128
    2. Generated rule: rdr on em2 proto tcp from 192.168.200.0/24 to 192.168.200.0/24 port 443 -> 192.168.200.1 port 3128
    3. One Port Forward rule, but 2 generated rules
    4. command: curl -v http://www.baidu.com
    5. It throws NSS error -5938 (PR_END_OF_FILE_ERROR) on the centos machine.

    Thank you for reading. 😄
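    An added illustration (not part of the original post) of why redirecting port 443 to the plain transparent port ends in an EOF-type error: after the rdr the listener receives a TLS ClientHello, not an HTTP request line, and the only destination name available before the splice decision is the SNI, which is what an intercepting HTTPS listener (Squid's peek/splice on an intercept port) has to read. The script below builds a constructed ClientHello and parses it the way such a listener must; the function names are my own, and the sample hello is constructed for the test, not captured from the setup above.

```python
import struct

def build_client_hello(host: str) -> bytes:
    # Constructed test input: minimal TLS ClientHello whose only extension is server_name.
    name = host.encode("ascii")
    entry = b"\x00" + struct.pack("!H", len(name)) + name            # name_type 0 = host_name
    ext = struct.pack("!HHH", 0, len(entry) + 2, len(entry)) + entry  # ext type 0 = server_name
    body = (b"\x03\x03" + b"\x00" * 32 + b"\x00"                      # version, random, empty session_id
            + b"\x00\x02\x13\x01" + b"\x01\x00"                       # one cipher suite, null compression
            + struct.pack("!H", len(ext)) + ext)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body                # handshake type 1 = client_hello
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs          # record type 0x16 = handshake

def classify(first_bytes: bytes) -> str:
    # After a rdr of port 443 the listener sees a TLS record, not an HTTP request
    # line; a plain HTTP listener cannot parse it and just closes the socket.
    if first_bytes[:1] == b"\x16":
        return "tls-handshake"
    if first_bytes.split(b" ", 1)[0] in (b"GET", b"POST", b"HEAD", b"CONNECT"):
        return "http"
    return "unknown"

def extract_sni(data: bytes):
    # SNI is the only destination name a transparent proxy can see before the
    # splice decision (there is no CONNECT line in intercept mode). None if absent.
    try:
        if data[0] != 0x16 or data[5] != 0x01:
            return None
        body = data[9:9 + int.from_bytes(data[6:9], "big")]
        pos = 34 + 1 + body[34]                                       # skip version, random, session_id
        pos += 2 + struct.unpack("!H", body[pos:pos + 2])[0]          # cipher_suites
        pos += 1 + body[pos]                                          # compression_methods
        end = pos + 2 + struct.unpack("!H", body[pos:pos + 2])[0]
        pos += 2
        while pos + 4 <= end:
            etype, elen = struct.unpack("!HH", body[pos:pos + 4])
            pos += 4
            if etype == 0:                                            # server_name extension
                cur, stop = pos + 2, pos + elen
                while cur + 3 <= stop:
                    nlen = struct.unpack("!H", body[cur + 1:cur + 3])[0]
                    if body[cur] == 0:
                        return body[cur + 3:cur + 3 + nlen].decode("ascii")
                    cur += 3 + nlen
            pos += elen
    except (IndexError, struct.error, UnicodeDecodeError):
        pass
    return None
```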



  • dunno why you need clash, but for proxying https you need squid-guard on pfsense



  • @srlek Hi, srlek
    Thank you for your reply.

    dunno why you need clash

    Because I am in China, the gov blocks a lot of websites.

    but for proxying https you need squid-guard on pfsense

    I have installed squid-guard package, and I set target rules=all, and it doesn't work.

    Maybe I need more knowledge about routing. 😂 😂 😂

