[squid-users] Transparent Mode w/ Peek and Splice trouble

James Lay jlay at slave-tothe-box.net
Wed May 18 15:19:25 UTC 2016

On 2016-05-18 08:14, se at kpa.gr wrote:
> Hello!
> I am currently setting up a squid server, which should serve as a
> transparent proxy in our network.
> We mainly need it to do the following:
> Allow and Block Domains on HTTP and HTTPS protocol (withOUT bumping
> the traffic). We only want to allow domain names on the SSL port, no
> URLs.
> It actually works fine for HTTP, but I can't configure the "peek and
> splice" method for the HTTPS traffic.
> I have come to a point, where HTTP access is being filtered exactly as
> I wanted to, but following odd error occures when visiting HTTPS
> sites:
> When using "https_port cert=/root/cert.pem
> key=/root/key.pem ssl-bump intercept"
> I get an Access Denied Error for any Website I try to access, which
> occured while "trying to retrieve the URL:"!
> If I configure the https_port option with "accel vhost allow-direct"
> like the http_port, the allowed Pages work fine but with squid's
> certificate.
> Somewhere the Squid seems to redirect his actual https traffic back to
> itself when using the "intercept" option and that is why I cannot use
> the splice method.
> You can find my configuration files on http://kpa.gr/squid-conf/
> Thanks very much in advance,
> Pantelis W
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users



I'm doing exactly what you're wanting.


More information about the squid-users mailing list