
transparent proxy bypass https traffic



Hello,

I'm using squid 2.6.STABLE6 on CentOS. I successfully configured squid
both as a transparent proxy and normal proxy that's working fine on
http and https in normal mode, but on transparent mode https is a
challenge.

http_port 3128
http_port 3129 transparent

I'm redirecting with iptables like this:

iptables -t nat -A PREROUTING -i eth0 -p tcp -d ! 10.0.0.0/8 --dport 80 -m mark --mark 0x0 -j REDIRECT --to-port 3129

I have 2 types of clients, that are accessing internet through squid
or directly.

How can I bypass squid for https traffic ONLY for squid users?

I tried like this:

iptables -t nat -A PREROUTING -i eth0 -p tcp -d ! 10.0.0.0/8 --dport 443 -m mark --mark 0x0 -j REDIRECT --to-port 3129

but it gives:

2008/03/22 16:54:41| parseHttpRequest: Requestheader contains NULL characters
2008/03/22 16:54:41| parseHttpRequest: Unsupported method ''
2008/03/22 16:54:41| clientReadRequest: FD 19 (10.x.x.3:1104) Invalid Request

I think that I can make iptables rules for every IP in squid for
allowing direct https, but I want to avoid this.

Is squid 3 capable through ssl bump for allowing https traffic without
breaking the certificate? Or at least without notifying the user?

Thank you!
