[ZT]squid中实现https的透明代理
时间:2009-08-13 来源:emailwht
From:http://hi.baidu.com/zkheartboy/blog/item/9e37f0cd374e7f540eb345fe.html
使用iptbales+squid很容易实现http透明代理
如果要https的透明代理也只需要下面两个步骤就行了
1.生成测试用的证书:
openssl req -new -keyout /etc/squid/key.pem -nodes -x509 -days 365 -out /etc/squid/cert.pem
(如果要生成一个证书请求用于申请正式证书请用下面两个命令:
生成私钥 openssl genrsa -out key.pem 1024
生成待签名证书 openssl req -new -out req.csr -key key.pem
然后将req.csr文件中的内容提交给证书颁发机构。)
2. 在squid.conf相应地方添加
https_port 443 cert=/etc/squid/cert.pem /etc/squid/key.pem
如果出现下面的错误
The following error was encountered:
Invalid Request
Some aspect of the HTTP Request is invalid. Possible problems:
Missing or unknown request method
Missing URL
Missing HTTP Identifier (HTTP/1.0)
Request is too large
Content-Length missing for POST or PUT requests
Illegal character in hostname; underscores are not allowed
只需要在https_port 后面在加transparent
https_port 443 cert=/etc/squid/cert.pem /etc/squid/key.pem transparent
我的试了,可是不行,错误日志如下,有时间再研究一下:
Aug 13 09:01:01 adsl squid: Bungled squid.conf line 97: https_port 443 cert=/etc/squid/cert.pem /etc/squid/key.pem
Aug 13 09:05:55 adsl squid: Bungled squid.conf line 97: https_port 443 cert=/etc/squid/cert.pem /etc/squid/key.pem transparent
Aug 13 09:05:57 adsl squid: Bungled squid.conf line 97: https_port 443 cert=/etc/squid/cert.pem /etc/squid/key.pem transparent
Aug 13 09:12:02 adsl squid: Bungled squid.conf line 97: https_port 443 cert=/etc/squid/cert.pem /etc/squid/key.pem
Getting this error when accessing the login for Prepaid Verizon Wireless Link:
1) Error:
=========================================================
"ERROR
The requested URL could not be retrieved
While trying to retrieve the URL: myaccount.verizonwireless.com:443
The following error was encountered:
* Access Denied.
Access control configuration prevents your request from being allowed at this time. Please contact your service provider if you feel this is incorrect.
./configure --enable-storeio=ufs,null ...
使用iptbales+squid很容易实现http透明代理
如果要https的透明代理也只需要下面两个步骤就行了
1.生成测试用的证书:
openssl req -new -keyout /etc/squid/key.pem -nodes -x509 -days 365 -out /etc/squid/cert.pem
(如果要生成一个证书请求用于申请正式证书请用下面两个命令:
生成私钥 openssl genrsa -out key.pem 1024
生成待签名证书 openssl req -new -out req.csr -key key.pem
然后将req.csr文件中的内容提交给证书颁发机构。)
2. 在squid.conf相应地方添加
https_port 443 cert=/etc/squid/cert.pem /etc/squid/key.pem
如果出现下面的错误
The following error was encountered:
Invalid Request
Some aspect of the HTTP Request is invalid. Possible problems:
Missing or unknown request method
Missing URL
Missing HTTP Identifier (HTTP/1.0)
Request is too large
Content-Length missing for POST or PUT requests
Illegal character in hostname; underscores are not allowed
只需要在https_port 后面在加transparent
https_port 443 cert=/etc/squid/cert.pem /etc/squid/key.pem transparent
我的试了,可是不行,错误日志如下,有时间再研究一下:
Aug 13 09:01:01 adsl squid: Bungled squid.conf line 97: https_port 443 cert=/etc/squid/cert.pem /etc/squid/key.pem
Aug 13 09:05:55 adsl squid: Bungled squid.conf line 97: https_port 443 cert=/etc/squid/cert.pem /etc/squid/key.pem transparent
Aug 13 09:05:57 adsl squid: Bungled squid.conf line 97: https_port 443 cert=/etc/squid/cert.pem /etc/squid/key.pem transparent
Aug 13 09:12:02 adsl squid: Bungled squid.conf line 97: https_port 443 cert=/etc/squid/cert.pem /etc/squid/key.pem
Getting this error when accessing the login for Prepaid Verizon Wireless Link:
1) Error:
=========================================================
"ERROR
The requested URL could not be retrieved
While trying to retrieve the URL: myaccount.verizonwireless.com:443
The following error was encountered:
* Access Denied.
Access control configuration prevents your request from being allowed at this time. Please contact your service provider if you feel this is incorrect.
./configure --enable-storeio=ufs,null ...
相关阅读 更多 +
