On 2014-07-05 01:51, winetbox wrote:
http_port 3129 intercept now work well now i'm trying to do the same for https, but doesn't work i put a new line on squid.conf https_port 3131 intercept # iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 443 -j REDIRECT --to-port 3131 these doesn't work at all
Port 443 is more complicated as you have to decrypt the TLS traffic to reach the HTTP inside it. That means ssl-bump feature needs configuring if you are to handle the HTTP traffic inside the TLS encryption.
NP: The latest releases will wrap intercepted port 443 traffic in a CONNECT provided you configure "ssl_bump none" for the relevant src or dst IP. If this is sufficient for your needs it would be best, as you avoid having to break the security encryption. Does require the latest 3.4 (or 3.HEAD) though.
Amos
