Re: [Fwd: Re: SSL Bump for regex URL comparison]

On 18/11/17 01:45, Joe Foster wrote:
> Good morning,
>
> I have tried the attached but I still receive the same result.
>
> I have attached a screen shot to show what happens, it's like there is no
> connection.

There isn't ...

> I have tried it with and without listing 3128 as a safe ssl port. I
> imagine it's not needed as it's generated from Squid.
>
> HTTPS isn't connecting, HTTP is though that's no surprise, I'm only
> diverting port 443 to port 3128.

Your port 3128 is configured to only accept plaintext HTTP traffic. It cannot handle the TLS on port 443 traffic.

FWIW the "ssl-bump" option does not make an http_port capable of receiving TLS. It just makes Squid attempt to decrypt the data tunneled inside plain-text CONNECT requests (if any), in accordance with the ssl_bump rules actions.

> There are no logs being generated so I can't find out more.

Most currently distributed Squid versions do not log connections that fail with no HTTP activity happening on them. Except when debugging the underlying TCP I/O activity.

> I can't for the life of me see what I'm doing wrong.
>
> Your advice is greatly received.
>
> Thank you
>
> Joe
> I have the below rule added to my firewall for the redirect:
> connection config redirect
>          option proto 'tcp'
>          option src 'lan'
>          option src_ip '!192.168.1.101'
>          option src_dport '443'
>          option dest 'lan'
>          option dest_ip '192.168.1.101'
>          option dest_port '3128'
>          option target 'DNAT'

NAT can only happen on the Squid machine itself. You must *route* the packets without any type of DNAT prior to their arrival at the Squid device.

Amos
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
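
The two points in the reply above, sketched as a squid.conf fragment. This is an added example, not configuration posted in the thread: the port number 3129, the CA file path and the existing `http_port` line are assumptions, and the option spelling follows Squid 3.5 (Squid 4 and later name the certificate option `tls-cert=`).

```conf
# Forward-proxy port (assumed existing line). It accepts plain-text HTTP and
# CONNECT requests from clients configured to use the proxy. ssl-bump here
# only applies to tunnels opened by those CONNECT requests; the port itself
# still cannot receive a raw TLS handshake.
http_port 3128 ssl-bump cert=/etc/squid/bump-ca.pem generate-host-certificates=on

# Separate interception port (3129 is an assumed, otherwise unused port).
# https_port + intercept is what accepts TLS diverted from port 443;
# ssl-bump then applies the ssl_bump rules to those connections.
https_port 3129 intercept ssl-bump cert=/etc/squid/bump-ca.pem generate-host-certificates=on

# The NAT rule belongs on the Squid machine itself (192.168.1.101 in the
# thread), because Squid reads the original destination address from the
# local NAT table:
#
#   iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-ports 3129
#
# The router in front must only route the clients' port-443 packets to
# 192.168.1.101 with their destination address unchanged. A DNAT redirect on
# the router rewrites that address before Squid can see it.
```

After editing, `squid -k parse` checks the file for syntax errors before the service is restarted.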