Thanks Amos.

Does NAT port 443 back to the original website's IP work on multiple different websites? For example, https://www.gmail.com, https://www.pandora.com, etc.?

The reason I'm asking is I tried a similar method in using RINETD to forward all traffic going through port 443 of my Squid back to the original IP of www.pandora.com. Unfortunately, I did not realize all other HTTPS requests are also forwarded to the IP of www.pandora.com. For example, https://www.gmail.com also takes me to www.pandora.com.

Since I'm running the Intercept mode, the forwarding needs to be dynamic and match each HTTPS domain name with proper original IP. Can this be done in Squid or iptables?

Thanks again,
Nick

On Fri, Jun 24, 2011 at 9:27 AM, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote:
> On 24/06/11 19:52, kkk kkk wrote:
>>
>> Hi all,
>>
>> I know the SSL issue has been beaten to death
>>
>> I'm using DNS redirect to force my clients to use my intercept proxy.
>> As we all know, intercepting HTTPS connection is not possible unless I
>> provide a fake certificate. What I want to achieve here is to allow
>> all HTTPS requests connect directly to the source server, thus
>> bypassing Squid:
>>
>> HTTP connection> Proxy by Squid
>> HTTPS connection> Bypass Squid and connect directly
>>
>>
>> I spent the past few days googling and trying different methods but
>> none worked so far. I read about SSL tunneling using the CONNECT
>> method but couldn't find any more information on it.
>>
>> Any takes on how to do this?
>
> You need to know what the original IP should have been. Then NAT the traffic
> on port 443 back to that IP.
>
> Amos
> --
> Please be using
>   Current Stable Squid 2.7.STABLE9 or 3.1.12
>   Beta testers wanted for 3.2.0.9 and 3.1.12.3