[squid-users] internet squid with https and just for domain resolution not for caching or so

Antony Stone Antony.Stone at squid.open.source.it
Fri Aug 31 16:45:17 UTC 2018


On Friday 31 August 2018 at 17:44:41, --Ahmad-- wrote:

> Dear Folks.
> 
> I ask here
> 
> if I want to enable squid in intercept/transparent or transparent
> TCP_connect
> 
> I don't want to decrypt the message
> 
> all I need: say the client requested google.com <http://google.com/>

I assume you meant to say https://google.com ?

> I can send the packet from the router to the proxy server via PBR or so, and
> all I need is for squid to intercept this msg and do the name resolution and,
> based on it, it has the tcp_outgoing address as an IPv6 address
> 
> Again, I don't want any certificate error or so
> 
> possible ?

No.

If the client is configured not to use a proxy (and you say you want to use
intercept mode) then the client itself will already have done the DNS lookup
(otherwise it wouldn't know which IP address to send the request to).

If Squid then intercepts the request, it will already have a destination IP 
address, and Squid has no reason to do a DNS lookup.  If it didn't and perhaps 
found a different IP address than the client did (which is entirely possible 
with CDNs etc) and decided to send the request there instead, things would 
break once the reply got back to the client because it would see a reply from 
an address it didn't send a request to.

If in fact you are asking how to convert IPv4 requests to IPv6 requests then I 
seriously doubt that this can be done using Squid in intercept mode at all 
(however I've never wanted to try it).



Antony.

-- 
"I find the whole business of religion profoundly interesting.  But it does 
mystify me that otherwise intelligent people take it seriously."

 - Douglas Adams

                                                   Please reply to the list;
                                                         please *don't* CC me.

