Search squid archive

Re: squid 3.5 ssl-bump intercept TCP_DENIED/200 on bridge mode

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



test case 1 : 
-----------------------------------------
I changed my squid setting (don't use intercept mode)

http_port 3129 ssl-bump cert=/usr/local/squid/ssl_cert/myCA.pem
generate-host-certificates=on dynamic_cert_mem_cache_size=4MB

thab client Web Browser set proxy to 192.168.95.81:3129

squid ssl-bump * OK *
squid access.log has the client access log.

test case 2:
-----------------------------------------
but I want use transparent mode (intercept with PF rdr).
intercept mode add the following acl rule :

acl bumpedPorts myportname 3129
http_access allow CONNECT bumpedPorts
.....
https_port 3129 intercept ssl-bump cert=/usr/local/squid/ssl_cert/myCA.pem
generate-host-certificates=on dynamic_cert_mem_cache_size=4MB 

access.log no appear TCP_DENIED/200 0 CONNECT 127.0.0.1:3129 
but client web browser has been waiting and no response.





--
View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/squid-3-5-ssl-bump-intercept-TCP-DENIED-200-on-bridge-mode-tp4682712p4682735.html
Sent from the Squid - Users mailing list archive at Nabble.com.
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users




[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux