[squid-users] Transparent Mode w/ Peek and Splice trouble

James Lay jlay at slave-tothe-box.net
Wed May 18 15:19:25 UTC 2016


On 2016-05-18 08:14, se at kpa.gr wrote:
> Hello!
> 
> I am currently setting up a squid server, which should serve as a
> transparent proxy in our network.
> 
> We mainly need it to do the following:
> Allow and Block Domains on HTTP and HTTPS protocol (withOUT bumping
> the traffic). We only want to allow domain names on the SSL port, no
> URLs.
> 
> It actually works fine for HTTP, but I can't configure the "peek and
> splice" method for the HTTPS traffic.
> 
> I have come to a point, where HTTP access is being filtered exactly as
> I wanted to, but following odd error occures when visiting HTTPS
> sites:
> 
> When using "https_port 10.0.0.222:3130 cert=/root/cert.pem
> key=/root/key.pem ssl-bump intercept"
> I get an Access Denied Error for any Website I try to access, which
> occured while "trying to retrieve the URL: 10.0.0.222:3130"!
> 
> If I configure the https_port option with "accel vhost allow-direct"
> like the http_port, the allowed Pages work fine but with squid's
> certificate.
> 
> 
> Somewhere the Squid seems to redirect his actual https traffic back to
> itself when using the "intercept" option and that is why I cannot use
> the splice method.
> 
> You can find my configuration files on http://kpa.gr/squid-conf/
> 
> Thanks very much in advance,
> 
> Pantelis W
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users


Read:

http://thread.gmane.org/gmane.comp.web.squid.general/114384/focus=114389

I'm doing exactly what you're wanting.

James


More information about the squid-users mailing list