[squid-users] Bypass HSTS sites in squid?
Matthias Eder
dameffy at googlemail.com
Sat Apr 28 19:22:11 UTC 2018
I have set up after along struggle a transparent proxy with squid,
squidguard and privoxy. This works quite fine, surprisingly also for https
sites. Unfortunately the performance is not too good, but I guess the
man-in-the-middle attack is quite a lot of work for squid ;-). Before
anyone is complaining: this is for my private network at home and this is
more or less part of a project to set up a home router and learn a little
bit of this stuff :-).
Anyway, here is the problem where I am stuck at the moment: as mentioned
connection to most of the https sites works without problems, but I guess
connection to sites with public key pinning (HSTS...?) gives me a
SSL_ERROR_BAD_CERT_DOMAIN error in Firefox; here i can't add an exception
for this site (e.g. in my case https://ubuntuusers.de/). After some
googling it seems that there is no way that squid could "break" into this
connection, so the question is: is there any way to exclude or bypass some
sites so that the proxy is not used? I guess the difficulty may be the
https here...
Thanks a lot!!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20180428/52ae25d1/attachment.html>
More information about the squid-users
mailing list