On 19/06/2013 6:48 a.m., Deniz Eren wrote:
> Hi;
>
> In previous versions of squid (before v3.3) we used squid for intercepting SSL traffic and content filtering it using dansguardian and then encrypting it again. The only problem was "Browser SSL Warnings". Our network scheme is like below:
>
> Client [HTTPS encrypted]
> ---> Squid1 (port 3128) [Decrypting HTTPS and sending dansguardian HTTP]
> ---> Dansguardian (port 8080) [HTTP continued]
> ---> Squid2 (port 3129) [Again encrypting HTTP to HTTPS]
> ---> Destination server [Receives HTTPS]
>
> Now after the "SSL mimicking" and "Dynamic SSL certificate generation" functions were added, we wanted to use these features and prevent "Browser SSL Warnings". But when we tried using squid 3.3.5 we couldn't do the MITM trick with squid using dansguardian.
>
> So my question is: is it possible to decrypt SSL traffic, filter it with dansguardian and after that encrypt the traffic again? Or are we trying something which is technically not possible with squid v3.3.5?

You can't. Mimicking requires something to mimic, and the plain-HTTP connections through DansGuardian do not contain SSL.
Consider moving the tasks DansGuardian is performing into Squid and/or an ICAP service instead.
Amos
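
A squid.conf fragment for the single-proxy layout suggested in the reply above, with the filtering moved to an ICAP service. This is an added example, not configuration from the thread: the file paths, the helper location and the ICAP URLs are assumed placeholders, and the ICAP server at 127.0.0.1:1344 is hypothetical.

```conf
# Added example, not from the thread. All paths, ports and ICAP URLs
# below are assumed placeholders; adjust them to the local install.

# One Squid instance replaces the Squid1 -> DansGuardian -> Squid2 chain.
# ssl-bump lets Squid decrypt CONNECT tunnels on this port; the cert=
# file holds the local filtering CA (certificate and private key) that
# clients must already trust.
http_port 3128 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid/ssl/filterCA.pem

# Helper that generates per-host certificates signed by the CA above.
sslcrtd_program /usr/lib/squid/ssl_crtd -s /var/lib/squid/ssl_db -M 4MB
sslcrtd_children 5

# Connect to the origin server first, so there is a real server
# certificate to mimic when generating the certificate for the client.
ssl_bump server-first all

# No sslproxy_cert_error or sslproxy_flags overrides are set here, so
# Squid's default validation of origin server certificates stays on.

# Content filtering happens inside the same Squid via ICAP, on the
# decrypted request and response, instead of in a separate HTTP hop.
icap_enable on
icap_service filter_req reqmod_precache bypass=off icap://127.0.0.1:1344/reqmod
icap_service filter_resp respmod_precache bypass=off icap://127.0.0.1:1344/respmod

# bypass=off above makes the services mandatory: if the ICAP server is
# unreachable, transactions fail instead of passing through unfiltered.
adaptation_access filter_req allow all
adaptation_access filter_resp allow all
```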