[squid-users] How to intercept ssl_bump transparent NAT httpswebsites
Amos Jeffries
squid3 at treenet.co.nz
Wed May 31 00:31:42 UTC 2017
On 30/05/17 21:55, Andi wrote:
> Thank you for all your suggestions Mister.
>
> I improved my conf by them and disabled squidguard for testing and its
> working now fine without squidguard.
> So I need to investigate why squidguard won't run with https sites on
> v 3.5.25
>
> squidGuard -v
> SquidGuard: 1.5 Berkeley DB 5.3.28: (September 9, 2013)
>
> How can I find out what happens between Squid, SquidGuard at debian
> and Firefox at client side ?
The Squid<->Firefox is all HTTP so for that debug_options 11,2.
That will also show you any of the HTTP to servers if it is involved.
For the redirector debug_options 61,5
>
> I tried echo tests locally with squidguard but it only shows ERR
> results with https sites.
> Http sites are working well as expected with squidguard
I'm not entirely surprised by that. SG has not been maintained since
before Squid was handling https:// on a regular basis. So it may simply
be not able to process that type of URL.
Squid can now do a lot of what SG was useful for. But if you really
still need SG for something perhapse you should try using the ufdbguard
helper instead. It is essentially a drop-in replacement but has extra
features for a lot more modern traffic handling and has active support.
Amos
More information about the squid-users
mailing list