Category: debian

Posted on

Squid 3.4.x for with transparent ssl proxying/support for Debian Wheezy.

I needed  a variant of Squid which supported transparent SSL interception (i.e via iptables redirection) so I could log outgoing HTTPS requests without the client being aware.

The stock wheezy variant doesn’t support SSL (see : Debian Bug Report).

Even after recompiling Wheezy’s squid3 it didn’t seem to work (perhaps my stupidity) so I ended up moving to the latest-and-greatest squid (3.4.9 at the time of writing) and getting that to work. Brief notes follow.

Continue reading “Squid 3.4.x for with transparent ssl proxying/support for Debian Wheezy.”

Posted on

Debian http_proxy setting

Need to set a HTTP proxy within a Debian system ?

Assuming your proxy server is on 192.168.0.1 and listening on port 3128, then the below may help …

( If you need authentication you can use username:password@ like you would in an old style web browser – e.g. http://username:password@192.168.0.1:3128. )

/etc/profile.d/proxy.sh

Add /etc/profile.d/proxy.sh containing

export http_proxy=http://192.168.0.1:3128

/etc/apt/apt.conf.d/99HttpProxy

Add /etc/apt/apt.conf.d/99HttpProxy containing

Acquire::http::Proxy "http://192.168.0.1:3128";

/etc/wgetrc

Edit /etc/wgetrc and add

http_proxy = http://192.168.0.1:3128

(some system commands rely on wget, and may not otherwise use an environment variable, e.g. debootstrap; the http_proxy setting should be present by default but commented out).

(This is all, in a round about way, relayed to the http proxy security vulnerability announced in July 2016 – see httpoxy.org for more info)