Hi there,

I've googled about for this but I think most of the squid intercept stuff refers to 3.2 and I think things have changed since then?

I have squid-3.4.9 running with sslbump, and when I configure my browser to use it as a proxy, it bumps the certs nicely, signing "fake" certs/etc. I then added an iptables run to redirect outbound tcp/80 onto port 3129 (see below) and that transparently proxies all port 80 - great.

I then went through the same exercise with sslbump, but when I put in an iptables rule to redirect outbound tcp/443 traffic onto 3127, it doesn't bump - it acts like a TCP forwarder instead. I get a "CONNECT ip.add.ress:443" log record - no sign of the hostname and no bumping.

http_port 3126 ssl-bump cert=/etc/squid/squid-CA.cert capath=/etc/ssl/certs/ generate-host-certificates=on dynamic_cert_mem_cache_size=256MB options=ALL
http_port 3129 transparent
https_port 3127 transparent ssl-bump cert=/etc/squid/squid-CA.cert capath=/etc/ssl/certs/ generate-host-certificates=on dynamic_cert_mem_cache_size=256MB options=ALL

acl SSL_nonHTTPS_sites dstdom_regex "/etc/squid/SSL_nonHTTPS_sites.txt"
acl SSL_noIntercept_sites dstdom_regex "/etc/squid/SSL_noIntercept_sites.txt"
ssl_bump none SSL_nonHTTPS_sites
ssl_bump none SSL_noIntercept_sites
ssl_bump server-first all

So these older search-engine pages I came across claimed this should work with squid, but either I am missing something, or this doesn't work in 3.4.9?

Thanks

--
Cheers

Jason Haar
Corporate Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
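
One way to see from access.log which clients show the symptom described above (a CONNECT to a bare IP with no decrypted traffic following it), as an added example that is not part of the original post. It assumes Squid's default native log format and that bumped requests are logged with https:// URLs; the log lines and the function names are constructed for illustration.

```python
import ipaddress
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample lines in Squid's native access.log layout:
# time elapsed client code/status bytes method URL user hierarchy/peer type
SAMPLE_LOG = """\
1416500000.101    212 192.0.2.10 TCP_MISS/200 5120 GET http://example.com/ - HIER_DIRECT/198.51.100.7 text/html
1416500001.250  30441 192.0.2.10 TCP_MISS/200 48211 CONNECT 198.51.100.7:443 - HIER_DIRECT/198.51.100.7 -
1416500002.900    150 192.0.2.11 TCP_MISS/200 310 CONNECT 198.51.100.9:443 - HIER_DIRECT/198.51.100.9 -
1416500003.010    140 192.0.2.11 TCP_MISS/200 9020 GET https://example.org/index.html - HIER_DIRECT/198.51.100.9 text/html
1416500004.500   8000 192.0.2.12 TCP_MISS/200 7000 CONNECT www.example.net:443 - HIER_DIRECT/198.51.100.20 -
"""

def is_ip_literal(host):
    """True for IPv4/IPv6 literals, including bracketed IPv6 as used in CONNECT targets."""
    try:
        ipaddress.ip_address(host.strip("[]"))
        return True
    except ValueError:
        return False

def summarize(log_text):
    """Per client: CONNECTs to a bare IP, CONNECTs to a hostname, decrypted https:// requests."""
    stats = defaultdict(lambda: {"connect_ip": 0, "connect_host": 0, "decrypted": 0})
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 7:
            continue  # skip blank or truncated lines
        client, method, url = fields[2], fields[5], fields[6]
        if method == "CONNECT":
            host = url.rsplit(":", 1)[0]  # drop the trailing :port
            key = "connect_ip" if is_ip_literal(host) else "connect_host"
            stats[client][key] += 1
        elif urlsplit(url).scheme == "https":
            stats[client]["decrypted"] += 1  # only visible once TLS was bumped
    return dict(stats)

def not_bumped(stats):
    """Clients with IP-literal CONNECTs but no decrypted request (heuristic)."""
    return sorted(c for c, s in stats.items() if s["connect_ip"] and not s["decrypted"])

if __name__ == "__main__":
    print(not_bumped(summarize(SAMPLE_LOG)))
```
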