Search squid archive

Re: WCCP2 L2 redirect with Squid transparent

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



----- "Amos Jeffries" <squid3@xxxxxxxxxxxxx> wrote:

> Shawn Wright wrote:
> > Got it working after closer inspection of tcpdump output, which
> revealed a routing problem.
> > 
> > Now I need to move on to SSL traffic. We are using Squid 2.6-20 in
> production, so clearly we need to upgrade to use SSLbump. Which
> version of squid is considered most stable for use with SSLbump, in
> conjunction with many ACLs and delay pools. 
> > 
> > Thanks
> > 
> 
> I should mention that SSL Bump only works for browsers configured 
> explicitly to know the proxy is there and also to trust the proxy 
> generated SSL certificates.

I have seen a few people mentioning it can work in transparent (redirect) mode, but I'd rather not venture into unsupported territory in a production environment. Our focus now is to get the most seamless solution using NAT for SSL traffic, and transparent proxy for http traffic, while still providing as much control over SSL as possible. 

We use OpenDNS for filtering, but NAT of SSL will not allow us to prevent a user from specifying an https proxy by IP. This is a problem...

 


[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux