Re: [squid-users] Transparent SSL Interception

From: Ahmed Talha Khan <auny87_at_gmail.com>
Date: Tue, 24 Apr 2012 18:29:37 +0500

What you need to do is to redirect your 443 traffic to https_port.
https_port option is required to intercept traffic on port 443. This
patch will resolve the url redirection loop error that your browser is
giving you.

Putting ssl-bump option in https_port does not make much of a difference
because port 443 will not have any CONNECT method traffic.

-talha

On Tue, Apr 24, 2012 at 6:23 PM, Neil <nwilson123_at_gmail.com> wrote:
> On Tue, Apr 24, 2012 at 12:23 PM, Ahmed Talha Khan <auny87_at_gmail.com> wrote:
>> You might want to look at
>> http://bugs.squid-cache.org/show_bug.cgi?id=2976. There was a
>> quick-fix which caused even more problems. This is a hard-coded value
>> that causes all requests to be forcibly written to "http" even
>> "https". You can reverse it via this patch
>> http://bugs.squid-cache.org/attachment.cgi?id=2375.
>>
>> It should work.
>>
>> The pain was all mine to debug it ;)
>> -talha
>
> Hi Talha,
>
> Thank you very much for your reply.
> I've read the bug report and looked at the comments, but I'm not sure
> if this bug is related to my post/problem. The post mentions users
> receive a "The following error was encountered while trying to
> retrieve the URL..."
> I don't get this error at all unless I redirect using iptables port
> 443 traffic to my squid http_port instead of sending 443 traffic to my
> squid https_port, should I be doing this? Do I need to have an
> https_port option at all considering that ssl-bump is an http_port
> option?
>
> Thank you very much for your assistance, my apologies for my confusion.
>
> Regards.
>
> Neil Wilson.

-- 
Regards,
-Ahmed Talha Khan
Received on Tue Apr 24 2012 - 13:29:44 MDT