Search squid archive

Re: Transparent Mode w/ Peek and Splice trouble

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 2016-05-18 08:14, se@xxxxxx wrote:
Hello!

I am currently setting up a squid server, which should serve as a
transparent proxy in our network.

We mainly need it to do the following:
Allow and Block Domains on HTTP and HTTPS protocol (withOUT bumping
the traffic). We only want to allow domain names on the SSL port, no
URLs.

It actually works fine for HTTP, but I can't configure the "peek and
splice" method for the HTTPS traffic.

I have come to a point, where HTTP access is being filtered exactly as
I wanted to, but following odd error occures when visiting HTTPS
sites:

When using "https_port 10.0.0.222:3130 cert=/root/cert.pem
key=/root/key.pem ssl-bump intercept"
I get an Access Denied Error for any Website I try to access, which
occured while "trying to retrieve the URL: 10.0.0.222:3130"!

If I configure the https_port option with "accel vhost allow-direct"
like the http_port, the allowed Pages work fine but with squid's
certificate.


Somewhere the Squid seems to redirect his actual https traffic back to
itself when using the "intercept" option and that is why I cannot use
the splice method.

You can find my configuration files on http://kpa.gr/squid-conf/

Thanks very much in advance,

Pantelis W
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users


Read:

http://thread.gmane.org/gmane.comp.web.squid.general/114384/focus=114389

I'm doing exactly what you're wanting.

James
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users




[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux