[squid-users] Transparent Mode w/ Peek and Splice trouble

se at kpa.gr se at kpa.gr
Wed May 18 14:14:12 UTC 2016


Hello!

I am currently setting up a squid server, which should serve as a 
transparent proxy in our network.

We mainly need it to do the following:
Allow and Block Domains on HTTP and HTTPS protocol (withOUT bumping the 
traffic). We only want to allow domain names on the SSL port, no URLs.

It actually works fine for HTTP, but I can't configure the "peek and 
splice" method for the HTTPS traffic.

I have come to a point where HTTP access is being filtered exactly as I 
wanted, but the following odd error occurs when visiting HTTPS sites:

When using "https_port 10.0.0.222:3130 cert=/root/cert.pem 
key=/root/key.pem ssl-bump intercept"
I get an Access Denied error for any website I try to access, which 
occurred while "trying to retrieve the URL: 10.0.0.222:3130"!

If I configure the https_port option with "accel vhost allow-direct" 
like the http_port, the allowed pages work fine but with Squid's 
certificate.


Somewhere Squid seems to redirect its actual HTTPS traffic back to 
itself when using the "intercept" option, and that is why I cannot use 
the splice method.

You can find my configuration files on http://kpa.gr/squid-conf/

Thanks very much in advance,

Pantelis W
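
The policy described in the post (allow or block HTTPS by domain name only, without bumping), written as a squid.conf fragment. This is an added example, not part of the original message and not the poster's configuration; the client subnet and the domain names are assumptions, while the listening address, port and certificate paths are the ones quoted in the post.

```conf
# --- added example: SNI allow-list with peek and splice, no decryption ---

# Interception port for TLS. A cert/key is required by the ssl-bump port
# syntax, but spliced connections still present the origin server's own
# certificate to the client.
# An "intercept" port expects connections that reach Squid through a NAT
# redirect on the Squid host, not connections addressed to
# 10.0.0.222:3130 directly.
https_port 10.0.0.222:3130 intercept ssl-bump cert=/root/cert.pem key=/root/key.pem

# Intercepted TLS shows up in http_access as a CONNECT to the original
# destination IP on port 443 (no host name yet), so this rule cannot be
# domain-based; the domain decision is made by ssl_bump below.
acl localnet  src 10.0.0.0/24            # assumed client subnet
acl SSL_ports port 443
acl CONNECT   method CONNECT
http_access allow localnet CONNECT SSL_ports

# Step 1: read the TLS ClientHello to learn the requested server name.
acl step1 at_step SslBump1
ssl_bump peek step1

# Allowed names (assumed examples); a leading dot also matches subdomains.
acl allowed_tls ssl::server_name .example.org .example.net

# Pass allowed names through untouched; close everything else.
ssl_bump splice allowed_tls
ssl_bump terminate all
```

Because nothing is decrypted, only the server name from the handshake is visible to these rules; URL paths cannot be matched on this port.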

