Re: [squid-users] squid https

From: İsmail ÖZATAY <ismail_at_ismailozatay.net>
Date: Tue, 02 Sep 2008 11:44:25 +0300

Indunil Jayasooriya yazmış:
> On Tue, Sep 2, 2008 at 11:30 AM, İsmail ÖZATAY <ismail_at_ismailozatay.net> wrote:
>
>> Hi,
>>
>> I am trying to redirect https traffic to squid for days. 2 weeks ago i sent
>> a post to this group and tried some advices but could not fix my problem. If
>> i use server ip and squid port with any browser ( without redirecting https
>> or ftp port with iptables ) it works ( both https anf ftp ) but when i
>> redirect https this error accurs ;
>>
>> 192.168.1.105 TCP_DENIED/400 2194 GET error:invalid-request - NONE/-
>> text/html
>>
>> After that i used this advice ;
>>
>> https_port 443 cert=/etc/squid/cert.pem key=/etc/squid/private.pem
>>
>> Last i tried this one that does not work with squid on OpenBSD4.3 ;
>>
>
> I use OpenBSD 4.3
>
> I think you are trying to redirect https and ftp.
>
> Transparent interception of HTTPS traffic is (by design) not possible.
> Squid 3HEAD includes a feature called sslbump
>
> Pls visit below Urls
>
> http://markmail.org/message/5d7rtqbhwwcivkkx?q=transparent+https&page=1&refer=vhkzezxg7n643ik2
>
> http://markmail.org/message/mkgy5jjr6wdthi5k?q=transparent+https&page=1&refer=vhkzezxg7n643ik2
>
>
>
>
Hi Indunil,

I am using Squid Cache: Version 2.6.STABLE18 and when i applied sslBump
i got error. Can you use this option with the same version of mine ? I
think you are using squid 3. I tried this option like this ;

http_port 127.0.0.1:3128 transparent sslBump cert=/etc/squid/cert.pem
key=/etc/squid/private.pem

Regards

ismail
Received on Tue Sep 02 2008 - 08:44:46 MDT

This archive was generated by hypermail 2.2.0 : Tue Sep 02 2008 - 12:00:02 MDT