Explicit Proxy won't forward ssl

  • I have an explicit (non-transparent) proxy on my LAN side. The proxy forwards its traffic through an upstream proxy (squid cache_peer).

    Client --> squid3/pfsense --> upstream cache --> internet

    This setting works fine for http.
    Unfortunately, it doesn't work for https.

    HTTPS can't connect through the pfsense proxy.

    Here's my config:

    acl manager proto cache_object
    acl localhost src ::1
    acl home_network src
    acl guest_network src

    #Ports allowed through Squid
    acl Safe_ports port 80 #http
    acl Safe_ports port 443 #https
    acl SSL_ports port 443
    acl SSL method CONNECT
    acl CONNECT method CONNECT

    http_access allow localhost
    http_access allow home_network
    http_access allow guest_network
    http_access deny !Safe_ports
    http_access deny CONNECT !SSL_ports
    http_access deny all

    #proxy ports
    http_port {proxy_server_IP}:3128

    Does anyone see what's going wrong here?


  • Just for the record: to make sure your pfsense squid proxy also uses the upstream proxy for SSL connections, you need to add the following line to your configuration:

    always_direct deny all
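
An added example, not part of either post and not pfSense's or Squid's own code: a small Python check for a squid.conf like the one in the question. It reports a missing cache_peer or forwarding line (the reply's `always_direct deny all`; `never_direct allow all` is also accepted, which is an assumption added here) and http_access allow rules placed ahead of the port denies. The sample config and its addresses are constructed.

```python
# Constructed sample modelled on the config in the question; the network
# range and proxy address are placeholders (the post leaves them blank).
SAMPLE_CONF = """\
acl home_network src 192.0.2.0/24
acl Safe_ports port 80 #http
acl Safe_ports port 443 #https
acl SSL_ports port 443
acl CONNECT method CONNECT
http_access allow localhost
http_access allow home_network
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny all
http_port 192.0.2.1:3128
"""

def directives(conf):
    """Yield (name, args) per directive, dropping comments and blank lines."""
    for line in conf.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            name, *args = line.split()
            yield name, args

def lint(conf):
    """Return findings for peer forwarding and http_access rule order."""
    rules = list(directives(conf))
    findings = []
    if not any(n == "cache_peer" for n, _ in rules):
        findings.append("no cache_peer line: no upstream proxy is defined")
    forced = [("always_direct", ["deny", "all"]),   # line from the reply
              ("never_direct", ["allow", "all"])]   # assumption: also accepted
    if not any((n, a) in forced for n, a in rules):
        findings.append("no always_direct/never_direct line for the upstream")
    # http_access is first-match: once an allow for a source ACL has matched,
    # the port denies listed after it are never evaluated for that source.
    allowed = []
    for n, a in rules:
        if n != "http_access" or not a:
            continue
        if a[0] == "allow":
            allowed.append(" ".join(a[1:]))
        elif a[1:] != ["all"] and allowed:
            findings.append("'deny %s' is never evaluated for: %s"
                            % (" ".join(a[1:]), ", ".join(allowed)))
    return findings

if __name__ == "__main__":
    for finding in lint(SAMPLE_CONF):
        print("WARN:", finding)
```

On the sample it reports four findings; moving the two port denies above the allow lines clears the ordering ones.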
