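I want to limit the bandwidth of YouTube, so I want to intercept https connections. I followed several tutorials, but it doesn't work. Can anyone help me?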
# Squid listen Port
http_port 192.168.1.215:3128 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB key=/etc/squid/example.com.private cert=/etc/squid/example.com.cert
# SSL Bump Config
always_direct allow all
ssl_bump server-first all
sslproxy_cert_error deny all
sslproxy_flags DONT_VERIFY_PEER
sslcrtd_program /usr/lib64/squid/ssl_crtd -s /var/lib/ssl_db -M 4MB
sslcrtd_children 8 startup=1 idle=1
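I imported myCA.pem into the web browser, and then I get the message "The proxy server is refusing connections" whenever I visit any https website. If it is not https, everything works fine.
What can I do?????
Here is the access.log: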
192.168.1.172 TCP_HIT/200 52543 GET http://www.silencio.com.ar/wp-content/uploads/2016/07/AHJ8239-540x386.jpg - HIER_NONE/- image/jpeg
192.168.1.172 TCP_HIT/200 49912 GET http://www.silencio.com.ar/wp-content/uploads/2016/07/strokes-2001-adentro-540x386.jpg - HIER_NONE/- image/jpeg
192.168.1.172 TCP_HIT/200 43804 GET http://www.silencio.com.ar/wp-content/uploads/2016/07/ArcticMonkeys012-540x386.jpg - HIER_NONE/- image/jpeg
192.168.1.172 TCP_DENIED/200 0 CONNECT www.google-analytics.com:443 - HIER_NONE/- -
192.168.1.172 TCP_MISS/301 807 GET http://www.youtube.com/ - HIER_DIRECT/64.233.186.91 text/html
192.168.1.172 NONE/200 0 CONNECT www.youtube.com:443 - HIER_DIRECT/64.233.186.91 -
192.168.1.172 NONE/200 0 CONNECT blocklist.addons.mozilla.org:443 - HIER_DIRECT/52.35.149.230 -
Thanks!
(I don't speak English)
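An added example, not part of the original post: a small triage script for the access.log format shown above, which separates CONNECT requests by Squid result code so that refused tunnels stand out from the plain HTTP hits. The field layout is assumed from the posted lines, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of the access.log lines posted in the question.
SAMPLE_LOG = """\
192.168.1.172 TCP_HIT/200 52543 GET http://www.silencio.com.ar/wp-content/uploads/2016/07/AHJ8239-540x386.jpg - HIER_NONE/- image/jpeg
192.168.1.172 TCP_DENIED/200 0 CONNECT www.google-analytics.com:443 - HIER_NONE/- -
192.168.1.172 TCP_MISS/301 807 GET http://www.youtube.com/ - HIER_DIRECT/64.233.186.91 text/html
192.168.1.172 NONE/200 0 CONNECT www.youtube.com:443 - HIER_DIRECT/64.233.186.91 -
192.168.1.172 NONE/200 0 CONNECT blocklist.addons.mozilla.org:443 - HIER_DIRECT/52.35.149.230 -
"""

# Assumed layout (a custom logformat, inferred from the posted lines):
# client result/status bytes method url user hierarchy/peer mime
LINE_RE = re.compile(
    r"^(?P<client>\S+)\s+(?P<result>[A-Z_0-9]+)/(?P<status>\d{3})\s+(?P<bytes>\d+)\s+"
    r"(?P<method>[A-Z]+)\s+(?P<url>\S+)\s+(?P<user>\S+)\s+"
    r"(?P<hier>[A-Z_0-9]+)/(?P<peer>\S+)\s+(?P<mime>\S+)$"
)

def parse_line(line):
    """Return the fields of one log line as a dict, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None

def triage_connects(log_text):
    """Group CONNECT targets by result code; also count lines that did not parse."""
    groups, skipped = defaultdict(set), 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            skipped += 1
            continue
        if rec["method"] == "CONNECT":
            groups[rec["result"]].add(rec["url"])
    return {code: sorted(hosts) for code, hosts in groups.items()}, skipped

def refused_by_squid(log_text):
    """CONNECTs that Squid refused itself: TCP_DENIED is the result code for a
    request rejected by access controls, HIER_NONE means no upstream was contacted."""
    recs = filter(None, map(parse_line, log_text.splitlines()))
    return sorted({r["url"] for r in recs if r["method"] == "CONNECT"
                   and r["result"] == "TCP_DENIED" and r["hier"] == "HIER_NONE"})

if __name__ == "__main__":
    print(triage_connects(SAMPLE_LOG))
    print("refused:", refused_by_squid(SAMPLE_LOG))
```

A TCP_DENIED entry comes from Squid's access controls, so the http_access rules are worth reviewing alongside the ssl_bump lines.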
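Answer 1
The first piece of advice for intercepting HTTPS is to use the latest Squid version. At the time of writing, useful SSL-Bump requires Squid-3.5.19+. Using an older version is just asking for trouble.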