On 01.11.2012 04:33, Heinrich Hirtzel wrote:
Hello
For a school project I'm trying to intercept SSL connections by using
Squid (client -> squid (transparent) -> server).
I'm running Squid 3.1.20 on Ubuntu server 12.10 (64 bit) using the
following configuration:
*************************************
http_port 10.0.1.1.:3128 intercept
https_port 10.0.1.1.:443 ssl-bump cert=/user/local/squid3/ssl_cert/myCA.pm
acl our_networks src 10.0.1.0/24
http_access allow our_networks
forwarded_for off
ssl_bump allow all
sslproxy_cert_error allow all
sslproxy_flags DONT_VERIFY_PEER
*************************************
I've compiled squid with SSL support (--enable-ssl). When starting Squid I do not get any error message. Also, proxying http traffic works without any problems.
However, when I try to establish a HTTPS session through squid, the client retrieves the SSL certificate from squid, but after accepting it the browser displays an error message from squid that the URL is invalid:
"The following error was encountered while trying to retrieve the URL: /.
Invalid URL"
In the Squid access.log I see the following line:
"<timestamp> 0 10.0.1.5 NONE/440 3503 GET / - NONE/- text/html"
It appears that squid strips away the hostname / domain name of the URL the client tries to access, which causes the error message mentioned above.
I've already spent hours finding a solution for this problem and went through dozens of tutorials, unfortunately I wasn't able to find a solution so far.
Any ideas what could be wrong?
You are missing the intercept flag on https_port. That is what tells
Squid how to interpret the URL and TCP layer differences in the port 80
and 443 syntax traffic.
Amos
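The check described in the reply, as an added example that is not part of the original thread or of Squid itself: a small linter that flags an https_port carrying ssl-bump without an interception flag, and also reports the two directives in the posted configuration that switch off upstream certificate checking. POSTED is constructed from the configuration in the question; FIXED, the function names and the finding texts are assumptions made for this illustration.

```python
# Constructed sample: the configuration from the question, one directive per line.
POSTED = """\
http_port 10.0.1.1.:3128 intercept
https_port 10.0.1.1.:443 ssl-bump cert=/user/local/squid3/ssl_cert/myCA.pm
acl our_networks src 10.0.1.0/24
http_access allow our_networks
forwarded_for off
ssl_bump allow all
sslproxy_cert_error allow all
sslproxy_flags DONT_VERIFY_PEER
"""

# Assumption: the reply's advice applied by adding "intercept" to https_port.
FIXED = POSTED.replace(":443 ssl-bump", ":443 intercept ssl-bump")

# Port options that tell Squid the traffic was redirected to it, not sent by
# a client that was configured to use a proxy.
MODE_FLAGS = {"intercept", "tproxy"}


def parse_directives(conf_text):
    """Yield (line_no, directive, args) for each non-comment squid.conf line."""
    for no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if line:
            name, *args = line.split()
            yield no, name, args


def lint(conf_text):
    """Return a list of (line_no, message) findings, in file order."""
    findings = []
    for no, name, args in parse_directives(conf_text):
        # Option names only ("cert=/path" becomes "cert"); args[0] is the address.
        opts = {a.split("=", 1)[0] for a in args[1:]}
        if name == "https_port" and "ssl-bump" in opts and not opts & MODE_FLAGS:
            findings.append((no, "https_port has ssl-bump but no intercept/tproxy flag"))
        if name == "sslproxy_flags" and "DONT_VERIFY_PEER" in ",".join(args).split(","):
            findings.append((no, "upstream server certificates are not verified"))
        if name == "sslproxy_cert_error" and args[:2] == ["allow", "all"]:
            findings.append((no, "all upstream certificate errors are accepted"))
    return findings


if __name__ == "__main__":
    for label, conf in (("posted", POSTED), ("fixed", FIXED)):
        for no, msg in lint(conf):
            print(f"{label}: line {no}: {msg}")
```

The last two findings remain after the https_port line is corrected: with those directives the proxy accepts any upstream certificate, so clients behind it get no assurance about the server they reach.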