On 17.04.2012 22:26, Daniel Niasoff wrote:

I suppose so.
Was hoping for a more "magical" solution that would just work.

You are talking about a cross-ASN problem. Past the consumer CPE
devices is a whole other network scope, which just happens to be
(probably) single-homed through yours.

Government proxy farms and "great firewall" setups face the same
problem with internal ISP networks. IETF HTTP WG is considering the
problem, but there is nothing today which solves it magically.

Amos

-----Original Message-----
From: Amos Jeffries [mailto:squid3@xxxxxxxxxxxxx]
Sent: 17 April 2012 11:21
To: squid-users@xxxxxxxxxxxxxxx
Subject: Re: squid 3.2.0.17 + transparent + sslbump

On 17/04/2012 10:16 p.m., Daniel Niasoff wrote:

Thanks Ahmed,

That worked, well sort of anyway.

Squid is now successfully transparently intercepting SSL but as
stated on the wiki, certificate rewrite doesn't work.

So I guess the only real solution is explicit proxy.

I tried to play around with WPAD + PAC but that is only useful when
PCs are on a corporate network with centrally managed DNS/DHCP.

My clients are home users with their own broadband routers which
manage their own DHCP.

So any ideas what I can do if I want to set up a proxy service for
SSL with minimum effort required from users and no control of DHCP?

You can publish the details of your proxy and PAC file, encouraging
them to make use of it for faster Internet.

Amos
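
The published PAC file suggested in the thread could look like the following. This is an added example, not part of the original messages; `proxy.example.net:3128` is a placeholder for the operator's proxy, and the list of local suffixes is an assumption about typical home routers.

```javascript
// Added example: PAC file for an explicit (non-intercepting) proxy.
// PROXY_HOSTPORT is a placeholder; 3128 is Squid's default http_port.
var PROXY_HOSTPORT = "proxy.example.net:3128";

// True for destinations that must stay on the subscriber's own LAN,
// so traffic to the home router or a NAS is never sent to the proxy.
function isLocalHost(host) {
  host = host.toLowerCase();
  // Dotless names ("router", "nas"); IPv6 literals also land here and go direct.
  if (host.indexOf(".") === -1) return true;
  // Suffixes commonly handed out by CPE devices (assumed list).
  if (/\.(local|lan|home)$/.test(host)) return true;
  var m = /^(\d{1,3})\.(\d{1,3})\.\d{1,3}\.\d{1,3}$/.exec(host);
  if (!m) return false;
  var a = Number(m[1]), b = Number(m[2]);
  return a === 10 || a === 127 ||            // RFC 1918 10/8, loopback
         (a === 172 && b >= 16 && b <= 31) || // RFC 1918 172.16/12
         (a === 192 && b === 168) ||          // RFC 1918 192.168/16
         (a === 169 && b === 254);            // link-local
}

// Entry point the browser calls for every request.
function FindProxyForURL(url, host) {
  if (isLocalHost(host)) return "DIRECT";
  var scheme = url.substring(0, url.indexOf(":")).toLowerCase();
  if (scheme === "http" || scheme === "https") {
    // HTTPS goes through the proxy as a CONNECT tunnel. The trailing
    // DIRECT keeps users online if the proxy is down; remove it if
    // traffic must never bypass the proxy.
    return "PROXY " + PROXY_HOSTPORT + "; DIRECT";
  }
  return "DIRECT";
}
```

Serve the file with the MIME type `application/x-ns-proxy-autoconfig` and have users enter its URL as the automatic proxy configuration URL in their browser or OS settings.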