Configuration file for Squid HTTPS forwarding proxy
/etc/squid/squid.conf
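## Ports that CONNECT tunnels are allowed to target
acl SSL_ports port 443
## Destination ports clients may request through the proxy
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
acl QUERY urlpath_regex cgi-bin \? asp aspx jsp
## Client networks allowed to use this proxy. The RFC 1918 ranges below are
## placeholders; replace them with the networks this proxy actually serves.
acl localnet src 10.0.0.0/8
acl localnet src 172.16.0.0/12
acl localnet src 192.168.0.0/16
## Prevent caching jsp, cgi-bin etc
cache deny QUERY
## Only allow access to the defined safe ports whitelist
http_access deny !Safe_ports
## Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports
## Only allow cachemgr access from localhost.
## 'localhost' and 'manager' are built-in ACLs in Squid 3.2 and later; define
## them explicitly if this file is used with an older release.
http_access allow localhost manager
http_access deny manager
## Only the listed client networks may use the proxy. The rule that stood here
## before was 'http_access allow all', which lets any host that can reach the
## listening port relay traffic through it (an open proxy).
http_access allow localnet
http_access allow localhost
http_access deny all
## Squid normally listens to port 3128
## NOTE(review): port 3128 is declared a second time at the end of this file
## with 'intercept ssl-bump'. Two listeners cannot share one port, and an
## explicit forward proxy uses 'ssl-bump' without 'intercept'. Confirm which
## mode is intended and give each listener its own port.
http_port 3128
## How much RAM, in MB, to use for cache? Default since squid 3.1 is 256 MB
cache_mem 64 MB
## Maximum size of individual objects to store in cache
maximum_object_size 1 MB
## Amount of data to buffer from server to client
read_ahead_gap 64 KB
## Strip the X-Forwarded-For header so client addresses are not sent upstream
#forwarded_for on
forwarded_for delete
## Suppress sending squid version information
httpd_suppress_version_string on
## How long to wait when shutting down squid
shutdown_lifetime 30 seconds
## Add any of your own refresh_pattern entries above these.
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
## Use the below to avoid proxy-chaining
always_direct allow all
## Decrypt (bump) every TLS connection passing through the proxy. Clients must
## trust the certificate configured on the bumping listener, and all bumped
## traffic is readable on this host, so treat the proxy, its cache and its
## logs as sensitive.
ssl_bump bump all
## Upstream certificate validation is left at Squid's default, which closes
## the connection on a certificate error. When traffic is bumped the client
## only ever sees the certificate Squid presents, so this proxy is the only
## place an invalid or forged server certificate can be caught. The two
## directives below were active before and switched that check off for every
## destination; keep them disabled.
#sslproxy_cert_error allow all
#sslproxy_flags DONT_VERIFY_PEER
## If one site must stay reachable despite a certificate error, scope the
## exception to that site only (placeholder domain shown):
#acl tls_exception dstdomain .example.invalid
#sslproxy_cert_error allow tls_exception
## Bumping listener. Disable SSLv2 and SSLv3; neither protocol is safe.
## squid.key is the private key for the certificate used when bumping; keep it
## readable only by the account Squid runs as.
http_port 3128 intercept ssl-bump cert=/usr/local/squid/ssl_cert/squid.crt key=/usr/local/squid/ssl_cert/squid.key options=NO_SSLv2,NO_SSLv3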