[squid-users] Transparent Mode w/ Peek and Splice trouble
se at kpa.gr
se at kpa.gr
Wed May 18 14:14:12 UTC 2016
I am currently setting up a squid server, which should serve as a
transparent proxy in our network.
We mainly need it to do the following:
Allow and Block Domains on HTTP and HTTPS protocol (withOUT bumping the
traffic). We only want to allow domain names on the SSL port, no URLs.
It actually works fine for HTTP, but I can't configure the "peek and
splice" method for the HTTPS traffic.
I have come to a point, where HTTP access is being filtered exactly as I
wanted to, but following odd error occures when visiting HTTPS sites:
When using "https_port 10.0.0.222:3130 cert=/root/cert.pem
key=/root/key.pem ssl-bump intercept"
I get an Access Denied Error for any Website I try to access, which
occured while "trying to retrieve the URL: 10.0.0.222:3130"!
If I configure the https_port option with "accel vhost allow-direct"
like the http_port, the allowed Pages work fine but with squid's
Somewhere the Squid seems to redirect his actual https traffic back to
itself when using the "intercept" option and that is why I cannot use
the splice method.
You can find my configuration files on http://kpa.gr/squid-conf/
Thanks very much in advance,
More information about the squid-users