[squid-users] Transparent Mode w/ Peek and Splice trouble
James Lay
jlay at slave-tothe-box.net
Wed May 18 15:19:25 UTC 2016
On 2016-05-18 08:14, se at kpa.gr wrote:
> Hello!
>
> I am currently setting up a squid server, which should serve as a
> transparent proxy in our network.
>
> We mainly need it to do the following:
> Allow and Block Domains on HTTP and HTTPS protocol (withOUT bumping
> the traffic). We only want to allow domain names on the SSL port, no
> URLs.
>
> It actually works fine for HTTP, but I can't configure the "peek and
> splice" method for the HTTPS traffic.
>
> I have come to a point, where HTTP access is being filtered exactly as
> I wanted to, but following odd error occures when visiting HTTPS
> sites:
>
> When using "https_port 10.0.0.222:3130 cert=/root/cert.pem
> key=/root/key.pem ssl-bump intercept"
> I get an Access Denied Error for any Website I try to access, which
> occured while "trying to retrieve the URL: 10.0.0.222:3130"!
>
> If I configure the https_port option with "accel vhost allow-direct"
> like the http_port, the allowed Pages work fine but with squid's
> certificate.
>
>
> Somewhere the Squid seems to redirect his actual https traffic back to
> itself when using the "intercept" option and that is why I cannot use
> the splice method.
>
> You can find my configuration files on http://kpa.gr/squid-conf/
>
> Thanks very much in advance,
>
> Pantelis W
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
Read:
http://thread.gmane.org/gmane.comp.web.squid.general/114384/focus=114389
I'm doing exactly what you're wanting.
James
More information about the squid-users
mailing list