Explicit Proxy won't forward ssl
-
I have an explicit (non-transparent) proxy on my LAN side. The proxy forwards its traffic through an upstream proxy (squid cache_peer).
Client --> squid3/pfsense --> upstream cache --> internet
This setting works fine for http.
Unfortunately, it doesn't work for https. HTTPS can't connect through the pfsense proxy.
Here's my config:
acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl home_network src 192.168.1.0/24
acl guest_network src 192.168.0.0/24
#Ports allowed through Squid
acl Safe_ports port 80 #http
acl Safe_ports port 443 #https
acl SSL_ports port 443
acl SSL method CONNECT
acl CONNECT method CONNECT
#allow/deny
http_access allow localhost
http_access allow home_network
http_access allow guest_network
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny all
#proxy ports
http_port {proxy_server_IP}:3128
Does anyone see what's going wrong here?
Cu
Ben
-
Just for the record: To make sure your pfsense squid proxy will also use the upstream proxy for SSL connections, you need to add the following line to your configuration:
always_direct deny all
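
Added example, not part of the thread: Squid checks http_access lines in order and the first matching line decides, so in the posted config the network allow lines are reached before the Safe_ports and SSL_ports denies. The Python below evaluates the posted rules for a request and compares them with the same rules reordered; the helper names and the request dictionary format are assumptions made for this illustration.

```python
import ipaddress

# Rules as posted in the thread, order preserved (comments and unused ACLs left out).
POSTED = """\
acl localhost src 127.0.0.1/32 ::1
acl home_network src 192.168.1.0/24
acl guest_network src 192.168.0.0/24
acl Safe_ports port 80
acl Safe_ports port 443
acl SSL_ports port 443
acl CONNECT method CONNECT
http_access allow localhost
http_access allow home_network
http_access allow guest_network
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny all"""

def parse(conf):
    """Collect ACL definitions and the ordered http_access rules."""
    acls, rules = {}, []
    for tok in map(str.split, conf.splitlines()):
        if tok[:1] == ["acl"]:
            acls.setdefault(tok[1], []).append((tok[2], tok[3:]))
        elif tok[:1] == ["http_access"]:
            rules.append((tok[1], tok[2:]))
    return acls, rules

def matches(acls, name, req):
    """Values of one ACL are ORed; only src, port and method types are handled."""
    return name == "all" or any(
        (kind == "src" and any(ipaddress.ip_address(req["src"]) in ipaddress.ip_network(v) for v in vals))
        or (kind == "port" and str(req["port"]) in vals)
        or (kind == "method" and req["method"] in vals)
        for kind, vals in acls.get(name, []))

def decide(conf, req):
    """ACLs on one http_access line are ANDed; the first matching line decides."""
    acls, rules = parse(conf)
    for action, names in rules:
        if all(matches(acls, n.lstrip("!"), req) != n.startswith("!") for n in names):
            return action
    return "allow" if rules and rules[-1][0] == "deny" else "deny"  # no match: opposite of last line

def port_denies_first(conf):
    """Same rules, port-based deny lines moved ahead of the allows."""
    lines = conf.splitlines()
    early = [l for l in lines if l.startswith("acl") or "_ports" in l]
    return "\n".join(early + [l for l in lines if l not in early])
```

For a constructed LAN request such as {"src": "192.168.1.10", "port": 8443, "method": "CONNECT"}, decide(POSTED, ...) returns "allow", while decide(port_denies_first(POSTED), ...) returns "deny" and CONNECT to port 443 from the same client is still allowed.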