test case 1 : ----------------------------------------- I changed my squid setting (don't use intercept mode) http_port 3129 ssl-bump cert=/usr/local/squid/ssl_cert/myCA.pem generate-host-certificates=on dynamic_cert_mem_cache_size=4MB thab client Web Browser set proxy to 192.168.95.81:3129 squid ssl-bump * OK * squid access.log has the client access log. test case 2: ----------------------------------------- but I want use transparent mode (intercept with PF rdr). intercept mode add the following acl rule : acl bumpedPorts myportname 3129 http_access allow CONNECT bumpedPorts ..... https_port 3129 intercept ssl-bump cert=/usr/local/squid/ssl_cert/myCA.pem generate-host-certificates=on dynamic_cert_mem_cache_size=4MB access.log no appear TCP_DENIED/200 0 CONNECT 127.0.0.1:3129 but client web browser has been waiting and no response. -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/squid-3-5-ssl-bump-intercept-TCP-DENIED-200-on-bridge-mode-tp4682712p4682735.html Sent from the Squid - Users mailing list archive at Nabble.com. _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users