Capabilities of Squid as SSL MITM

Hi
I am trying to set up squid as a transparent ssl mitm proxy. The users behind the proxy understand they have no expectation of privacy. Also each computer behind the proxy has trusted the organisation certificate.

After several days of research, what I would like to know is:
1. http_port intercept means squid will place its own ip in the packet sent to the destination. Is this correct?

2. http_port tproxy means squid will preserve the client's ip in the packet sent to the destination, is this correct?

3. Does ssl bump work only with CONNECT messages? i.e. clients must have their browser set to use squid as a proxy. But http://wiki.squid-cache.org/Features/SslBump also says it can mitm transparently redirected SSL traffic. So ssl bump works in 'transparent/intercept' mode; I have seen many guides such as http://blog.davidvassallo.me/2011/03/22/squid-transparent-ssl-interception/ combining ssl bump with transparent/intercept.

4. What is the point of using http_port (xyz) ssl-bump if port xyz cannot receive ssl traffic? Wouldn't ssl-bump ONLY be used with https_port, not http_port?

5. After all this, is it possible to use tproxy with ssl-bump? That is, do SSL man in the middle whilst preserving the client's IP address? The clients have all trusted the organisation CA that will be used by Squid. http://squid-web-proxy-cache.1019090.n4.nabble.com/about-https-support-for-transparent-proxy-td1048478.html says it can't, but this message was from three years ago.

All of the examples I have seen use intercept with ssl-bump, not with tproxy. Or are there other options (squid or otherwise) which will allow transparent/tproxy ssl proxying?

Thanks

