[squid-users] internet squid with https and just for domain resolution not for caching or so
Antony Stone
Antony.Stone at squid.open.source.it
Fri Aug 31 16:45:17 UTC 2018
On Friday 31 August 2018 at 17:44:41, --Ahmad-- wrote:
> Dear Folks .
>
> i ask here
>
> if i wan to enable squid into intercpt/transparent or transparent
> TCP_connect
>
> i dont want to decrypt the message
>
> all what i need say client requested google.com <http://google.com/>
I assume you meant to say https://google.com ?
> i can from router to send the packet to the proxy server via PBR or so and
> all what i need is squid intercept this msg and do the name resolution and
> based on it , it has the tcp_outgoing address as IPV6 address
>
> agian dont want any certificate error or so
>
> possible ?
No.
If the client is configured not to use a proxy (and you say you want to use
intercept mode) then the client itslf will already have done the DNS lookup
(otherwise it wouldn't know which IP address to send the request to).
If Squid then intercepts the request, it will already have a destination IP
address, and Squid has no reason to do a DNS lookup. If it didn't and perhaps
found a different IP address than the client did (which is entirely possible
with CDNs etc) and decided to send the request there instead, things would
break once the reply got back to the client because it would see a reply from
an address it didn't send a request to.
If in fact you are asking how to convert IPv4 requests to IPv6 requests then I
seriously doubt that this can be done using Squid in intercept mode at all
(however I've never wanted to try it).
Antony.
--
"I find the whole business of religion profoundly interesting. But it does
mystify me that otherwise intelligent people take it seriously."
- Douglas Adams
Please reply to the list;
please *don't* CC me.
More information about the squid-users
mailing list