for SSL inception, SSLBump is required: http://wiki.squid-cache.org/Features/SslBump This a bit complex to setup. SSL inception is not really good idea to implement.. I think it will not work with upstream proxy also. -- Eero 2016-10-29 22:37 GMT+03:00 paul.greene.va <paul.greene.va at verizon.net>: > I'm having issues getting squid to send traffic through a specific > upstream gateway. > > I need for a MS WSUS server and a Symantec Endpoint Protection Manager to > get through a squid proxy to get out to Microsoft and Symantec respectively > to get MS patches and Symantec DAT files. > > The traffic needs to go through the squid proxy, through a firewall, and > through an upstream McAfee gateway server. If it tries to take a path > different than that upstream gateway to get out to the internet, it'll get > dropped. > > However, once the traffic goes through the proxy, it tries to go directly > to the vendor website and not go through the McAfee gateway, and therefore > is getting blocked by the firewall. The traffic never reaches the McAfee > gateway. > > If I configure a browser to use the proxy server and browse to some > websites, it can get to http sites, but not https sites. Port 443 is what > isn't getting through. > > I thought this line in squid.conf was supposed to send the traffic to an > upstream cache_peer parent gateway, but I could easily be misunderstanding > what its supposed to do. (I'm pretty new with squid) > > cache_peer <upstream gateway IP address> parent 8080 3130 > proxy-only no-query no-netdb-exchange default login=<username>:<password> > > The Safe_ports and SSL_ports is the squid.conf default settings, and > include both port 443 and port 80 traffic > > Thanks, > > PG > > _______________________________________________ > CentOS mailing list > CentOS at centos.org > https://lists.centos.org/mailman/listinfo/centos >