how to let https traffic through http proxy ?

  • I have 3 VMs.

    • - pfSense ( with 3 nics, 1 wan, 2 lan (Lan, OthersRoute) )
    • - debian ( using clash as http proxy server.)
    • - centos (client machine)

    Other Info.

    • clash on debian, HTTP proxy listening port: 7890.
    • I start Squid service on my pfSense, and I checked Transparent HTTP Proxy option.
    • I add 2 custom options to squid.
      • cache_peer parent 7890 0 no-query
      • never_direct allow all

    Use commands on centos( client machine)

    curl -x -v, it works fine.

    curl -x -v, it works fine.

    curl, it works fine.

    curl, it's timeout.

    My Question.

    How to let https request transparent proxy to
    Just like curl -x

    More Info

    Enable SSL filtering.

    I tried to check the Enable SSL filtering. option.

    1. I create a cert in System / Cert. Manager
    2. SSL/MITM Mode: Splice All
    3. SquidGuard target rules: all
    4. It doesn't work.
    Port Forward
    1. Generated rule: rdr on em1 proto tcp from to any port 443 -> port 3128
    2. Generated rule: rdr on em2 proto tcp from to port 443 -> port 3128
    3. One Port Forward rule, but 2 generated rules
    4. command: curl -v
    5. It throws NSS error -5938 (PR_END_OF_FILE_ERROR) on the centos matchine.

    Thank you for reading. 😄

  • dunno why you need clash, but for proxying https you need squid-guard on pfsense

  • @srlek Hi, srlek
    Thank you for your reply.

    dunno why you need clash

    Because I am in China, the gov blocks a lot of websites.

    but for proxying https you need squid-guard on pfsense

    I have installed squid-guard package, and I set target rules=all, and it doesn't work.

    Maybe I need more knowledge about routing. 😂 😂 😂

Log in to reply