Re: [squid-users] Re: access denied

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Sat, 05 Jul 2014 02:25:38 +1200

On 2014-07-05 01:51, winetbox wrote:
> http_port 3129 intercept now works well
>
> now I'm trying to do the same for https, but it doesn't work
>
> I put a new line in squid.conf
> https_port 3131 intercept
>
> # iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 443 -j REDIRECT --to-port 3131
>
> these don't work at all

Port 443 is more complicated as you have to decrypt the TLS traffic to
reach the HTTP inside it. That means the ssl-bump feature needs configuring
if you are to handle the HTTP traffic inside the TLS encryption.

NP: The latest releases will wrap intercepted port 443 traffic in a
CONNECT provided you configure "ssl_bump none" for the relevant src or
dst IP. If this is sufficient for your needs it would be best, as you
avoid having to break the security encryption. It does require the latest
3.4 (or 3.HEAD) though.

Amos
Received on Fri Jul 04 2014 - 14:25:47 MDT
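
The setup described in the reply, sketched as a squid.conf fragment. This is an added example, not configuration from the thread or from the Squid project; the certificate path, ACL names and addresses are placeholders, and it assumes a 3.4 build with SSL support in which an intercepting https_port carries the ssl-bump flag and a certificate.

```conf
# Added example (constructed). Placeholders: cert path, ACL names, addresses.

# Plain HTTP interception, as already working in the thread.
http_port 3129 intercept

# Intercepted port 443 (fed by the iptables REDIRECT rule to port 3131).
# Assumption: the port needs the ssl-bump flag and a cert= file even when
# no connection ends up being decrypted.
https_port 3131 intercept ssl-bump cert=/etc/squid/ssl/placeholder-ca.pem

# Clients and servers whose TLS is to be left intact.
acl tunnel_src src 192.0.2.0/24
acl tunnel_dst dst 198.51.100.10

# "ssl_bump none": per the reply, the intercepted connection is wrapped in a
# CONNECT and relayed without breaking the encryption.
ssl_bump none tunnel_src
ssl_bump none tunnel_dst

# To tunnel everything arriving on the intercept port instead:
# ssl_bump none all
```

With this arrangement the access log is expected to show only CONNECT entries for port 443 traffic, since the HTTP requests inside the TLS session are never seen by the proxy.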
