[squid-users] ssl bump and url_rewrite_program (like squidguard)

Edouard Gaulué edouard at e-gaulue.com
Tue Nov 3 22:48:51 UTC 2015

Hi community,

I've followed
http://wiki.squid-cache.org/ConfigExamples/Intercept/SslBumpExplicit  to
set my server. It looks really interesting and it's said to be the more
common configuration.

I often observe (example here withwww.youtube.com) :
The following error was encountered while trying to retrieve the URL:

     *Unable to determine IP address from host name "http"*

The DNS server returned:

     Name Error: The domain name does not exist.

This happens while the navigator (Mozilla) is trying to get a frame at

That's ads so I'm not so fond of it...

But this leads me to the fact I get this behavior each time the site is
banned by squidguard.

Is there something to do to avoid this behavior? I mean, squidguard
should send :

   Access denied

Supplementary info 	: 	
Client address 	= 	192.168.XXX.XXX
Client name 	= 	192.168.XXX.XXX
User ident 	= 	
Client group 	= 	XXXXXXX
URL 	= 	https://ad.doubleclick.net/
Target class 	= 	ads

If this is wrong, contact your administrator

squidguard is an url_rewrite_program that looks to respect squid
requirements. Redirect looks like this :

I've played arround trying to change the redirect URL and it leads me to
the idea ssl_bump tries to analyse the part until the ":". Is there a way
to avoid this? Is this just a configuration matter?

Could putting a ssl_bump rule saying "every server that name match "http" or
"https" should splice" solve the problem?

Regards, EG

More information about the squid-users mailing list