[ZT]squid中实现https的透明代理

From:http://hi.baidu.com/zkheartboy/blog/item/9e37f0cd374e7f540eb345fe.html

使用iptbales+squid很容易实现http透明代理
如果要https的透明代理也只需要下面两个步骤就行了
1.生成测试用的证书：

openssl req -new -keyout /etc/squid/key.pem -nodes -x509 -days 365 -out /etc/squid/cert.pem

(如果要生成一个证书请求用于申请正式证书请用下面两个命令：

生成私钥 openssl genrsa -out key.pem 1024
生成待签名证书 openssl req -new -out req.csr -key key.pem

然后将req.csr文件中的内容提交给证书颁发机构。)

2. 在squid.conf相应地方添加

https_port 443 cert=/etc/squid/cert.pem /etc/squid/key.pem

如果出现下面的错误

The following error was encountered:

Invalid Request

Some aspect of the HTTP Request is invalid. Possible problems:

Missing or unknown request method

Missing URL

Missing HTTP Identifier (HTTP/1.0)

Request is too large

Content-Length missing for POST or PUT requests

Illegal character in hostname; underscores are not allowed

只需要在https_port 后面在加transparent

https_port 443 cert=/etc/squid/cert.pem /etc/squid/key.pem transparent

我的试了，可是不行，错误日志如下，有时间再研究一下：

Aug 13 09:01:01 adsl squid: Bungled squid.conf line 97: https_port 443 cert=/etc/squid/cert.pem /etc/squid/key.pem
Aug 13 09:05:55 adsl squid: Bungled squid.conf line 97: https_port 443 cert=/etc/squid/cert.pem /etc/squid/key.pem transparent
Aug 13 09:05:57 adsl squid: Bungled squid.conf line 97: https_port 443 cert=/etc/squid/cert.pem /etc/squid/key.pem transparent
Aug 13 09:12:02 adsl squid: Bungled squid.conf line 97: https_port 443 cert=/etc/squid/cert.pem /etc/squid/key.pem

Getting this error when accessing the login for Prepaid Verizon Wireless Link:

1) Error:
=========================================================
"ERROR
The requested URL could not be retrieved

While trying to retrieve the URL: myaccount.verizonwireless.com:443

The following error was encountered:

* Access Denied.

Access control configuration prevents your request from being allowed at this time. Please contact your service provider if you feel this is incorrect.

./configure --enable-storeio=ufs,null ...

阅读(2657) | 评论(0) | 转发(0) |

0
上一篇：泡沫惊梦

下一篇：许知远:我们这一代

相关热门文章
linux 常见服务端口

【ROOTFS搭建】busybox的httpd...

什么是shell

linux socket的bug??

linux的线程是否受到了保护？...

IBM DS3400 盘阵怎么查看是单...

启动auditd时，报错如下，怎么...

CGSL系统中root密码正确，但无...

在CGSL系统中，如何为不同的用...

CGSL系统如何设置交换分区的大...

给主人留下些什么吧！~~

评论热议