On 7/02/2017 2:46 a.m., Varun Singh wrote:
> On Mon, Feb 6, 2017 at 11:39 AM, Amos Jeffries wrote:
>
> Hi,
> Please find my reply inline:
>
>> What documentation? it is wrong, or you are misunderstanding it. The URL
>> path?query is definitely *not* available without decrypting.
>>
>
> Correct, I mis-read it.
>
>
>> Because the only way to access more than hostname/IP and port is to decrypt.
>
> Okay. In that case, I am okay with only being able to see hostname/IP and port.
> But whenever I search for setting up HTTPS with Squid, I always come
> across SSL-bump.
> Could you point me to a tutorial which performs just basic HTTPS setup?

The Squid default config handles as much of HTTPS as can be handled
without the SSL-Bump feature.

>
> What I have tried so far is, configuring Squid to listen to port 3129
> to expect HTTPS traffic. I did this by adding following line to
> squid.conf:
>
> https_port 3129
>
> Once this was done, I redirected all the traffic coming to port 443 to
> port 3129 using iptables. This is because my clients connect to proxy
> via VPN.

Since you are intercepting port 443 that port is missing the 'intercept'
flag. Also, intercepting port 443 requires SSL-Bump.

> But this had no effect. After connecting clients to proxy, when I try
> to access an HTTPS website, the clients get no response and nothing
> shows in access.log file. The browser behaves as if it could not
> connect to internet.
>
> Please note that this setup works perfectly for HTTP requests. Only
> HTTPS requests give problems.
>

Port 80 (HTTP) and port 443 (HTTPS) have totally different transport
protocols. The port 443 one is designed to break when being intercepted.

>
> FYI, by documentation I was referring to below link:
> http://wiki.squid-cache.org/Features/HTTPS
>

Amos
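
Added example, not part of the thread and not the Squid project's own configuration: the `https_port` line as posted, next to a listener carrying the `intercept` flag and SSL-Bump that the reply says are required. The certificate path is a placeholder, and the peek-and-splice rules are an assumption beyond the thread, chosen because the poster only wants hostname/IP and port without decrypting.

```conf
# As posted in the thread: traffic redirected from port 443 arrives here,
# but the port has no 'intercept' flag and no SSL-Bump.
# https_port 3129

# Listener for redirected port 443 traffic (Squid 3.5 option names,
# requires a Squid build with OpenSSL support).
#   intercept  - connections arrive via a NAT redirect, not from a
#                client that was configured to use the proxy
#   ssl-bump   - enables the SSL-Bump feature on this port
#   cert=      - PLACEHOLDER path to a locally generated signing certificate
https_port 3129 intercept ssl-bump cert=/etc/squid/PLACEHOLDER-ca.pem

# Assumption beyond the thread: look only at the TLS ClientHello (step 1),
# then splice, which passes the connection through without decrypting it.
# Squid sees the server IP, the port and the SNI hostname when the client
# sends one. The URL path and query stay unavailable, as the reply states.
acl step1 at_step SslBump1
ssl_bump peek step1
ssl_bump splice all
```

`squid -k parse` checks the resulting squid.conf for syntax errors before the running proxy is reconfigured.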