Hi everyone, I hope someone can help me :)

I have this problem: Squid is running as an SSL transparent proxy, and at the moment it's receiving all the traffic with these two iptables rules:

    iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
    iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 443 -j REDIRECT --to-port 3130

So far no problem at all. Everything works perfectly ... but when I add any simple ACL to block an SSL website, I get this browser error:

    ssl connection error (ERR_SSL_PROTOCOL_ERROR)

Also, if I try to run Squid with the line currently commented out in the conf pasted below, I get a certificate error (domain mismatch) from the client.

    http_port 3128 intercept
    https_port 3130 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/usr/local/squid/ssl_cert/proxy_matrix-test_com.crt key=/usr/local/squid/ssl_cert/squid.key
    acl broken_sites dstdomain google.it
    ssl_bump none localnet
    ssl_bump none broken_sites
    #ssl_bump server-first all
    sslcrtd_program /usr/local/squid/libexec/ssl_crtd -s /usr/local/squid/var/lib/ssl_db -M 4MB
    sslcrtd_children 5

(proxy_matrix-test_com.crt is signed by a recognized certification authority)

Any ideas?

Thanks.