On 12/04/2012 10:08 p.m., Ahmed Talha Khan wrote:
Also, will "transparent" work on https_port? The browser makes a connection to 443 which I redirect to squid. So will it let the webpages open? They are not opening for me.
On Squid 3.0 and 2.x yes (3.1+ use "intercept" now). All it does is tell Squid to look up the local kernel NAT tables for client IP information instead of trusting the TCP packet, and that the request should have some other special origin server specific processing applied.
The problem with https_port intercept has always been, and remains in the current Squid, that the SSL certificate sent to the client does not match the domain the client is contacting. They get a TLS security alert message on every new connection attempt. The dynamic cert generation feature in 3.2 helps, but intercepted HTTPS still mostly lacks the domain name details the generator needs to produce a valid cert (requires SSL SNI feature, which is *legally* risky for most of us devs to implement; no technical problem).
Amos