Thanks for taking the time to answer, Amos.

> On port 443 traffic the Host: header is buried inside the encryption. So
> is the whole URL. Until the server contact has been established, certs
> exchanged with the client and the first HTTP request received, there is
> no known Host header.
>
> NP: the SSL cert domain name(s) can be wildcard or a completely irrelevant
> domain, so it is not reliable either.

This gets me worried. Is what I'm trying to do possible? DNS spoof a domain (it's resolved to the Squid server) and transparently proxy the HTTPS traffic to the real host? (As a general idea I don't care about the contents of the HTTPS traffic, intercepting or otherwise, but because of the DNS spoof I have to forward it to the real host.)

> This looks a bit like the server is not permitting your connection
> attempt. The one that would otherwise give Squid the server cert and
> details to pass to the client.
> Is the server software running and listening on port 443 when this test
> is made?

Yes, I'm trying with https://google.com.

> You are testing from localhost? That is the only machine permitted
> through this Squid. Although you did get Connection Refused instead of
> 403 Forbidden.

Yes, I'm testing from localhost.

-M.