[squid-users] How to intercept ssl_bump transparent NAT httpswebsites

Amos Jeffries squid3 at treenet.co.nz
Wed May 31 00:31:42 UTC 2017

On 30/05/17 21:55, Andi wrote:
> Thank you for all your suggestions Mister.
> I improved my conf by them and disabled squidguard for testing and its 
> working now fine without squidguard.
> So I need to investigate why squidguard won't run with https sites on 
> v 3.5.25
> squidGuard -v
> SquidGuard: 1.5 Berkeley DB 5.3.28: (September  9, 2013)
> How can I find out what happens between Squid, SquidGuard at debian 
> and Firefox at client side ?

The Squid<->Firefox is all HTTP so for that debug_options 11,2.
That will also show you any of the HTTP to servers if it is involved.

For the redirector debug_options 61,5

> I tried echo tests locally with squidguard but it only shows ERR 
> results with https sites.
> Http sites are working well as expected with squidguard

I'm not entirely surprised by that. SG has not been maintained since 
before Squid was handling https:// on a regular basis. So it may simply 
be not able to process that type of URL.

Squid can now do a lot of what SG was useful for. But if you really 
still need SG for something perhapse you should try using the ufdbguard 
helper instead. It is essentially a drop-in replacement but has extra 
features for a lot more modern traffic handling and has active support.


More information about the squid-users mailing list