On 04/07/11 23:03, Deniz Eren wrote:
Hi;
I want to pass https traffic through squid without processing it, only
pass the traffic. I'm not interested with filtering or seeing the
content. I won't use proxy, the iptables rule below will redirect
https traffic to squid.
iptables -t nat -I PREROUTING -p tcp --dport 443 -j DNAT
--to-destination 192.168.0.1:3128
If I succeed this I will work on an acl which uses SNI. I will
appreciate if you give me ideas about SNI filtering too(the SNI I am
talking about is different from the one implemented in squid, my only
purpose is acl).
http://en.wikipedia.org/wiki/Server_Name_Indication
Good day to you..
Two points:
1) Receiving HTTPS traffic involves processing it.
2) Squid currently does not support NAT interception of any traffic
type except plain HTTP or ICY (when sent via port 80).
If you plan on doing code towards supporting SSL or SNI please get in
touch with squid-dev mailing list about it. The developers who recently
added SNI support to Squid may be working in that area still.
Amos
--
Please be using
Current Stable Squid 2.7.STABLE9 or 3.1.14
Beta testers wanted for 3.2.0.9
