On 4/03/2016 11:57 a.m., Ali Jawad wrote:
> Hi
> I am using Squid
>
> [root@kgoDcyTx9 squid]# /squid/sbin/squid -v
>
> Squid Cache: Version 3.4.9

When using SSL-Bump functionality first port of call is to ensure you
are using the latest release. Today that is 3.5.15 (though I recommend
the snapshot tarball instead of the main one). Or 4.0.7 beta.

>
> Config Options
>
>
> https_port 3129 intercept ssl-bump generate-host-certificates=on
> dynamic_cert_mem_cache_size=4MB cert=/squid/etc/squid/ssl_cert/myca.pem
> key=/squid/etc/squid/ssl_cert/myca.pem
>
> <snip outdated settings>
>
> Iptables Rule
>
> iptables -t nat -A PREROUTING -p tcp --dport 443 --destination
> 162.220.xx.xx -j REDIRECT --to-ports 3129
>

So what happens to the Squid traffic going to port 443 ?

>
> The problem :
>
> There are no certificate errors in the cache log and access log appears to
> log the requested URL, the problem is that Squid shows the error below,
> from the looks of it Squid is trying to send the request to itself on its
> own IP, my assumption is that Squid is not able to detect the proper
> destination during bump "through a config fault of my own" or a missing

The machine NAT system tells Squid what the destination is supposed to be.

> step. Please advise :
>
> The following error was encountered while trying to retrieve the URL:
> ://162.220.xx.xx:443
> <https://ipv6_1.lagg0.c052.lhr004.ix.nflxvideo.net/://162.220.244.7:443>
>
> *Connection to 162.220.244.7 failed.*
>

Is "162.220.244.7" your Squid IP?

Amos

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
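
Added example, not part of the original thread: a shell check for the situation the reply's questions point at. With REDIRECT interception Squid takes the destination from NAT, so a rule that only matches a --destination equal to the proxy's own address leaves Squid connecting to itself. The sample rules and 203.0.113.x addresses are constructed, and find_self_redirects is a hypothetical helper name.

```shell
# Constructed sample in `iptables-save -t nat` format. Addresses come from
# documentation ranges, not from the original post.
sample_rules() {
cat <<'EOF'
*nat
-A PREROUTING -d 203.0.113.10/32 -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 3129
-A PREROUTING -i eth1 -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 3129
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
COMMIT
EOF
}

# find_self_redirects PORT LOCAL_IP...
# Reads rules on stdin and prints every REDIRECT rule to PORT whose
# destination match (-d / --destination) is one of the proxy's own addresses.
# For such a rule the original destination NAT hands to Squid is the proxy
# itself, so the bumped request has no real origin server to go to.
find_self_redirects() {
    port=$1; shift
    awk -v port="$port" -v locals="$*" '
        BEGIN { n = split(locals, a, " "); for (i = 1; i <= n; i++) own[a[i]] = 1 }
        /-j REDIRECT/ {
            dst = ""; to = ""
            for (i = 1; i < NF; i++) {
                # Ignore negated matches ("! -d addr"): they exclude the address.
                if (($i == "-d" || $i == "--destination") && $(i - 1) != "!")
                    dst = $(i + 1)
                if ($i == "--to-ports") to = $(i + 1)
            }
            sub(/\/32$/, "", dst)   # iptables-save writes host matches as addr/32
            if (to == port && (dst in own)) print
        }'
}

# On a live box, feed real data instead of the sample (needs root):
#   iptables-save -t nat | find_self_redirects 3129 $(hostname -I)
sample_rules | find_self_redirects 3129 203.0.113.10
```

A rule this reports should be compared with how clients actually reach the proxy: interception only works when packets arrive still addressed to the real origin server.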