Re: [squid-users] What's the easiest way to allow direct HTTPS connection in Intercept mode?

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Sat, 25 Jun 2011 01:27:21 +1200

On 24/06/11 19:52, kkk kkk wrote:
> Hi all,
>
> I know the SSL issue has been beaten to death.
>
> I'm using DNS redirect to force my clients to use my intercept proxy.
> As we all know, intercepting HTTPS connection is not possible unless I
> provide a fake certificate. What I want to achieve here is to allow
> all HTTPS requests connect directly to the source server, thus
> bypassing Squid:
>
> HTTP connection -> Proxy by Squid
> HTTPS connection -> Bypass Squid and connect directly
>
>
> I spent the past few days googling and trying different methods but
> none worked so far. I read about SSL tunneling using the CONNECT
> method but couldn't find any more information on it.
>
> Any takes on how to do this?

You need to know what the original IP should have been. Then NAT the
traffic on port 443 back to that IP.

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE9 or 3.1.12
   Beta testers wanted for 3.2.0.9 and 3.1.12.3
Received on Fri Jun 24 2011 - 13:27:57 MDT
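
One way to carry out the advice in the reply above, as an added example (not part of the original thread and not Squid project code). It assumes the redirecting DNS answers each HTTPS site with its own alias address on the proxy box, so the original IP is known per alias; the function names are hypothetical and all addresses are constructed documentation values.

```shell
#!/bin/sh
# Added example: emit (not apply) iptables DNAT rules that send port-443
# traffic arriving at a local alias address back to the real server.
# ASSUMPTION: each HTTPS hostname is answered with its own alias address
# on the proxy box, so the original IP is known for every alias.
# Constructed mapping, one pair per line: "<alias on proxy> <original IP>"
MAPPING='192.0.2.10 198.51.100.7
192.0.2.11 203.0.113.25'

# Return 0 if $1 is a dotted-quad IPv4 address with octets 0-255.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print one DNAT rule per mapping line. Nothing is printed and 1 is
# returned if any line is malformed, so a typo cannot yield a partial set.
gen_dnat_rules() {
    rules=''
    while read -r local_ip origin extra; do
        [ -n "$local_ip" ] || continue
        if [ -n "$extra" ] || ! is_ipv4 "$local_ip" || ! is_ipv4 "$origin"; then
            echo "bad mapping line: $local_ip $origin $extra" >&2
            return 1
        fi
        rules="${rules}iptables -t nat -A PREROUTING -p tcp -d ${local_ip} --dport 443 -j DNAT --to-destination ${origin}:443
"
    done <<EOF
$1
EOF
    printf '%s' "$rules"
}

# Dry run: show the rules for the constructed mapping.
gen_dnat_rules "$MAPPING"
```

The box also needs IP forwarding enabled, and reply packets have to pass back through it (it is the clients' gateway, or a matching SNAT/MASQUERADE rule is added) so the NAT can be reversed.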
