On Apr 11, 2012, at 4:31 AM, Ahmed Talha Khan wrote: > Hey, > > I have configured squid to act as a transparent proxy. i also want to > bump the ssl connections. However i am unable to open the https > pages.The browser keeps going in loops and says that the page isnt > redirecting properly(firefox) or has redirect-loops(chrome). > > I then removed the ssl-bump configuration from the http_port > definition but the problem still persists. > > My setup is like this. I have 2 linux boxes, one acting as the default > gateway of the other. I am running squid on the 2nd box. All ip-table > entries are good as http traffic is going along smoothly. > > Can anybody help. My conf file looks like this > > > cache_effective_user talha > always_direct allow all > ssl_bump allow all > > > > # Squid normally listens to port 3128 > http_port 192.168.8.105:3128 transparent ssl-bump > cert=/home/talha/squid/www.sample.com.pem > key=/home/talha/squid/www.sample.com.pem > https_port 192.168.8.105:3129 transparent ssl-bump > cert=/home/talha/squid/www.sample.com.pem > key=/home/talha/squid/www.sample.com.pem I think it should be functional if your ip-tables rules are redirecting port 443 traffic to port 3129. However, you will get certificate errors because squid isn't capable of creating host-specific certificates for transparent HTTPS connections yet. Guy-------- This message has been scanned by ComplianceSafe, powered by Palisade's PacketSure.
