[squid-users] SSL Bump Issue

Amos Jeffries squid3 at treenet.co.nz
Fri Mar 4 09:11:03 UTC 2016


On 4/03/2016 10:01 p.m., Ali Jawad wrote:
> Actually, now that I am using 3.15 it seems I get the error for port 80 ->
> 3128 intercepts again
> 
> TCP_MISS/503 4274 GET http://www.whereIwantToVisit.net/ - ORIGINAL_DST/
> 162.220.244.7 text/html

This is the same problem happening for both port 443 and port 80.
You need to exclude the squid outgoing traffic from the iptables NAT
REDIRECT.

Compare the tutorial rules with what you have:
<http://wiki.squid-cache.org/ConfigExamples/Intercept/LinuxRedirect>

I believe you are missing that first rule with "-s $SQUIDIP -p tcp
--dport 80 -j ACCEPT".

Amos



More information about the squid-users mailing list