[squid-users] Have issue with "https_port ssl-bump intercept"

Rafał S rafal.sanocki at gmail.com
Sat Aug 11 10:09:45 UTC 2018


On Fri, 10.08.2018 at 20:28 Alex Rousskov <rousskov at measurement-factory.com> wrote:

> On 08/10/2018 12:05 PM, pius wrote:
> > I am getting IP address of the client instead of the domain name I requested.
>
> I suspect you are getting your Squid https_port address
> (10.222.17.106:3130) rather than the client IP address (10.222.25.60).
> Logging Squid IP instead of the intended server IP feels wrong to me,
> but that is not why things do not otherwise "work" in your test.
>
> Your test request is probably not getting through because your
> http_access rules (or equivalent) deny the (fake) CONNECT request to
> 216.58.212.100 (or whatever one of the www.google.com server IPs is in
> your environment). Check your access control rules while keeping in mind
> that the initial (i.e. step1) fake CONNECT request on an intercepting
> https_port has nothing but TCP/IP-level information.
>
>
> HTH,
>
> Alex.
>
>
> > I am trying curl -iv https://www.google.com from a client machine
> > (10.222.17.106). I am not getting google.com in the access log and getting
> > TCP_DENIED. Looks like traffic is blocked before checking the certificate (I
> > am not sure). And HTTP works fine (curl -iv http://www.google.com). I have
> > included LOG from both requests. Please help.
> >
> > ##############
> > HTTPS REQUEST
> > 1533917193.498      0 10.222.25.60 TCP_DENIED/200 0 CONNECT 10.222.17.106:3130 - HIER_NONE/- -
> > ##############
> > HTTP REQUEST
> > 1533917208.934     35 10.222.25.60 TCP_MISS/200 11561 GET http://www.google.com/ - HIER_DIRECT/216.58.212.100 text/html
> > ##############
> >
> > ################################################################################
> > Here is my squid.conf
> > ###############
> > http_port 3128
> >
> > http_port 0.0.0.0:3129 ssl-bump  \
> >   cert=/etc/squid/ssl_cert/cert.pem \
> >   generate-host-certificates=on dynamic_cert_mem_cache_size=4MB
> >
> > https_port 0.0.0.0:3130 ssl-bump intercept \
> >   cert=/etc/squid/ssl_cert/cert.pem \
> >   generate-host-certificates=on dynamic_cert_mem_cache_size=4MB
> >
> > acl step1 at_step SslBump1
> > acl step2 at_step SslBump2
> > acl ssl_exclude_domains ssl::server_name "/etc/squid/exclude_domains.conf"
> >
> > ssl_bump splice localhost
> > ssl_bump peek step1 all
> > ssl_bump splice ssl_exclude_domains
> > ssl_bump stare step2 all
> > ssl_bump bump all
> >
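Added example (not part of the original thread, and not Squid project code): a small Python triage script for the symptom discussed above. It flags denied CONNECT entries in a native-format access.log and separates those whose target is only an IP address, which is all the step1 fake CONNECT on an intercepting https_port carries. The function names, the labels and the `listen_addrs` parameter are assumptions made for this example; the first two sample lines are the ones quoted in the thread and the last two are constructed.

```python
import ipaddress

# First two lines are the access.log entries quoted in the thread (re-joined);
# the last two are constructed for illustration.
SAMPLE = [
    "1533917193.498      0 10.222.25.60 TCP_DENIED/200 0 CONNECT 10.222.17.106:3130 - HIER_NONE/- -",
    "1533917208.934     35 10.222.25.60 TCP_MISS/200 11561 GET http://www.google.com/ - HIER_DIRECT/216.58.212.100 text/html",
    "1533917300.000      0 10.222.25.60 TCP_DENIED/200 0 CONNECT 216.58.212.100:443 - HIER_NONE/- -",
    "1533917301.000      0 10.222.25.60 TCP_DENIED/403 3900 CONNECT www.example.com:443 - HIER_NONE/- text/html",
]

def parse_line(line):
    """Split a native-format access.log line; return None if it does not fit."""
    f = line.split()
    if len(f) < 10 or "/" not in f[3]:
        return None
    result, _, status = f[3].partition("/")
    return {"client": f[2], "result": result, "status": status,
            "method": f[5], "target": f[6]}

def is_ip_literal(host):
    try:
        ipaddress.ip_address(host.strip("[]"))
        return True
    except ValueError:
        return False

def classify(entry, listen_addrs=frozenset()):
    """Heuristic label for a denied CONNECT, based on what the log target shows."""
    if entry["method"] != "CONNECT" or not entry["result"].startswith("TCP_DENIED"):
        return None
    host, _, _port = entry["target"].rpartition(":")
    if not is_ip_literal(host):
        return "denied-with-hostname"   # a server name was available when denied
    if entry["target"] in listen_addrs:
        return "denied-step1-own-port"  # log shows Squid's own https_port address
    return "denied-step1-ip-only"       # fake CONNECT had only TCP/IP-level info

def scan(lines, listen_addrs=frozenset()):
    findings = []
    for line in lines:
        entry = parse_line(line)
        label = classify(entry, listen_addrs) if entry else None
        if label:
            findings.append((entry["client"], entry["target"], label))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE, {"10.222.17.106:3130"}):
        print(*finding)
```

Entries labelled `denied-step1-*` are the ones to compare against the http_access rules, since any rule that needs a server name cannot match at that point.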