> Yogesh Patil wrote:
>> hi,
>> I am using SQUID 2.6.STABLE17 with CentOS 5, & BIND
>> DNS SERVER configured on the same box, I have configured squid as
>> transparent proxy with all default settings, and applied iptables
>> rule by using the following
>> command
>>
>> iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
>>
>> I am able to browse http websites, but when I try to open https
>> sites, such as gmail.com, hotmail.com etc., I am not able to get any
>> response from the proxy.
>> I have also tried with forwarding 443 (https) port to the 3128
>> (squid) port but still no success.
>>
> For transparently proxying HTTPS, I believe you will need to configure
> the "https_port 3129 cert=..." setting in squid.conf and configure
> iptables to redirect port 443 to 3129. Squid port 3128 isn't able to
> recognize the SSL protocol negotiation that occurs at the start of the
> connection when HTTPS is transparently proxied...

Squid 2.6 is also not capable of SSL interception. For that you will need the SSLBump branch or squid 3.1 when it's out.

Amos