On 13/05/2013 3:03 a.m., neeraj kharbanda wrote:
> Hi, why some sites don't open when redirected through Squid? Mostly secure sites. I'm using SNAT redirection of iptables.
Because SSL is a security protocol designed to prevent interception such as NAT.
Any site which is *correctly* using SSL/TLS security procedures with validation at both client and server ends will not work when NAT'ed to a proxy. Some sites have been doing that for a long time, and as SSL interception of half-validating sites is growing in popularity so is the number of sites which are improving their validations.
Also, port 443 is used for approximately 5 different protocols these days: HTTPS, WebSockets, and several versions of SPDY. Sites using any of the non-HTTPS protocols will not work well through an HTTP(S) intercepting Squid.
Amos