On 01.11.2012 04:49, Heinrich Hirtzel wrote:
Hi Eliezer
what iptables rules have you used?
iptables -A PREROUTING -t nat -i eth1 -p tcp --dport 81 -j REDIRECT --to-port 3128
iptables -A PREROUTING -t nat -i eth1 -p tcp --dport 443 -j REDIRECT --to-port 443
also you better use squid 3.2 for ssl-bump.
K, will try that. Stay tuned :-)
take a look at:
http://wiki.squid-cache.org/Features/SslBump
and
http://wiki.squid-cache.org/Features/DynamicSslCert
I've read through them at least 10 times (I'm not kidding) and
tried various different configurations without finding any solution.
Maybe I simply missed something :-/
Do I need to compile squid with '--enable-ssl-crtd' or is
'--enable-ssl' enough?
For HTTPS interception ssl-crtd is better. server-first feature and
certificate-mimic are even better.
Squid-3.3 which has these is needed for anything close to useful HTTPS
port 443 interception.
Amos