[squid-users] squid 3.5 ssl-bump intercept TCP_DENIED/200 on bridge mode
Jason Chiu
f6253283 at hotmail.com
Fri Jun 9 04:05:33 UTC 2017
test case 1 :
-----------------------------------------
I changed my squid setting (don't use intercept mode)
http_port 3129 ssl-bump cert=/usr/local/squid/ssl_cert/myCA.pem
generate-host-certificates=on dynamic_cert_mem_cache_size=4MB
thab client Web Browser set proxy to 192.168.95.81:3129
squid ssl-bump * OK *
squid access.log has the client access log.
test case 2:
-----------------------------------------
but I want use transparent mode (intercept with PF rdr).
intercept mode add the following acl rule :
acl bumpedPorts myportname 3129
http_access allow CONNECT bumpedPorts
.....
https_port 3129 intercept ssl-bump cert=/usr/local/squid/ssl_cert/myCA.pem
generate-host-certificates=on dynamic_cert_mem_cache_size=4MB
access.log no appear TCP_DENIED/200 0 CONNECT 127.0.0.1:3129
but client web browser has been waiting and no response.
--
View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/squid-3-5-ssl-bump-intercept-TCP-DENIED-200-on-bridge-mode-tp4682712p4682735.html
Sent from the Squid - Users mailing list archive at Nabble.com.
More information about the squid-users
mailing list