On 20/03/2012 07:31, Vishal Agarwal wrote:
Hi Amos,
You are right.
Will this work with transferring all the traffic to http port from iptables?
iptables -t nat -A PREROUTING -s 192.168.1.0/24 -p tcp --dport 80 -j REDIRECT --to-destination serverip:3128
You do recall that https is supposed to be on port 443, right?
Just block https\443 for users outside the proxy with:
iptables -t filter -I FORWARD 1 -s 192.168.1.0/24 -p tcp --dport 443 -j DROP
This will make this DROP rule first and will force users\clients to use
the proxy for ssl connections.
Regards,
Eliezer
And further checking the traffic in squid
acl safe_ports port 443 # Secure port
http_access allow safe_ports
Thanks/regards,
Vishal Agarwal
-----Original Message-----
From: Amos Jeffries [mailto:squid3@xxxxxxxxxxxxx]
Sent: Tuesday, March 20, 2012 11:11 AM
To: squid-users@xxxxxxxxxxxxxxx
Subject: Re: SSL sites bypass authentication
On 20/03/2012 5:26 p.m., Vishal Agarwal wrote:
Hi,
You need to deny the db_auto just after the allow statement (see below). I hope that will work.
That should be meaningless: if logged in will allow, else if logged in
will deny.
Missing a '!' ?
The final diagnosis of this problem is that the traffic was not even
entering Squid. No amount of Squid config will cause it to respond to
packets which don't even arrive.
Amos
--
Eliezer Croitoru
https://www1.ngtech.co.il
IT consulting for Nonprofit organizations
elilezer <at> ngtech.co.il
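
The diagnosis above (HTTPS never reached Squid) can be checked on the gateway by reading the ruleset in first-match order. This is an added Python example, not part of the original thread: it takes `iptables-save` text and reports what the filter FORWARD chain does with LAN traffic to tcp/443. The sample rulesets are constructed, the function names are hypothetical, and only plain `-s`, `-p`, `--dport` and `-j` matches are handled (no negation, multiport or user-defined chains).

```python
import ipaddress
import shlex

# Constructed iptables-save output (not from the thread): port 80 is sent to
# the proxy, but nothing stops the LAN from forwarding 443 straight out.
SAMPLE_OPEN = """\
*nat
-A PREROUTING -s 192.168.1.0/24 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
COMMIT
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -s 192.168.1.0/24 -j ACCEPT
COMMIT
"""
# Same ruleset after inserting the DROP rule from the thread at position 1.
SAMPLE_BLOCKED = SAMPLE_OPEN.replace(
    "-A FORWARD -s 192.168.1.0/24 -j ACCEPT",
    "-A FORWARD -s 192.168.1.0/24 -p tcp -m tcp --dport 443 -j DROP\n"
    "-A FORWARD -s 192.168.1.0/24 -j ACCEPT",
)

def parse_rule(line):
    """Return (source net, proto, dport, target) of one '-A CHAIN ...' line."""
    tok = shlex.split(line)
    opt = {tok[i]: tok[i + 1] for i in range(2, len(tok) - 1) if tok[i].startswith("-")}
    src = ipaddress.ip_network(opt.get("-s", "0.0.0.0/0"), strict=False)
    return src, opt.get("-p"), opt.get("--dport"), opt.get("-j")

def direct_https_verdict(ruleset, lan="192.168.1.0/24", port="443"):
    """First-match verdict of filter/FORWARD for LAN clients to tcp/port."""
    lan_net = ipaddress.ip_network(lan)
    table, policy = None, "ACCEPT"
    for line in ruleset.splitlines():
        if line.startswith("*"):
            table = line[1:]
        elif table == "filter" and line.startswith(":FORWARD "):
            policy = line.split()[1]  # chain default, used if no rule matches
        elif table == "filter" and line.startswith("-A FORWARD "):
            src, proto, dport, target = parse_rule(line)
            # A rule applies if it covers the whole LAN and does not exclude tcp/port.
            if (lan_net.subnet_of(src) and proto in (None, "tcp", "all")
                    and dport in (None, port)
                    and target in ("ACCEPT", "DROP", "REJECT")):
                return target
    return policy
```

A result of `ACCEPT` means clients can reach HTTPS sites without touching the proxy, so no squid.conf ACL will ever see those connections.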