[squid-users] Intercepted connections are not bumped
Andrea Venturoli
ml at netfence.it
Thu Nov 23 10:05:04 UTC 2023
Hello.
I've got the following config:
> ...
> http_port 8080 ssl-bump cert=/usr/local/etc/squid/proxyCA.pem generate-host-certificates=on dynamic_cert_mem_cache_size=4MB
> https_port 3129 intercept ssl-bump cert=/usr/local/etc/squid/proxyCA.pem generate-host-certificates=on dynamic_cert_mem_cache_size=4MB
> ...
> acl step1 at_step SslBump1
> ssl_bump splice !bumphosts
> ssl_bump splice splicedom
> ssl_bump peek step1
> ssl_bump bump all
> ...
So I've got port 8080 where proxy-aware client connect and 3129, which
is feeded intercepted https connection by ipfw.
Problem is: if a client connects explicitly via proxy (port 8080) it
gets SSLBumped; if a client simply connects to its destination https
port (so directed to 3129) it is tunneled.
Anything wrong in my config?
I think it worked in the past: has anything changed in this regard with
Squid 6?
bye & Thanks
av.
More information about the squid-users
mailing list