Hi Amos, You are right. Will this work with transferring all the traffic to http port from iptables ? Iptables -t nat -A PREROUTING -s 192.168.1.0/24 -p tcp --dport 80 -j REDIRECT --to-destination serverip:3128 And further checking the traffic in squid Acl safe_ports port 443 # Secure port http_access allow safe_ports Thanks/regards, Vishal Agarwal -----Original Message----- From: Amos Jeffries [mailto:squid3@xxxxxxxxxxxxx] Sent: Tuesday, March 20, 2012 11:11 AM To: squid-users@xxxxxxxxxxxxxxx Subject: Re: SSL sites bypass authentication On 20/03/2012 5:26 p.m., Vishal Agarwal wrote: > Hi, > > You require to deny the db_auto just after the allow statement (See below ). I hope that will work. That should be meaningless: if logged in will allow, else if logged in will deny. Missing a '!' ? The final diagnosis of this problem is that the traffic was not even entering Squid. No amount of Squid config will cause it to respond to packets which dont even arrive. Amos
