[squid-users] transparent https question

From: Marcelo Barbudas <nostef_at_gmail.com>
Date: Sat, 14 Dec 2013 20:20:31 +0200

Hi!

I'm trying to get a transparent https proxy working with squid.

My current flow is like this:
1) user makes request to my dns server for https://x.com
2) x.com is resolved to a server I control
3) the 443 port on the server I control redirects to squid.

When I make the request squid shows the following message:

The following error was encountered while trying to retrieve the URL:
://IP_OF_SERVER_I_CONTROL
The system returned: (111) Connection refused

I'm guessing squid isn't looking at the request header to figure out
the proper host (why is it the ip and not https://x.com?)

I've attached my config below (debian defaults + ssl_bump).

What am I doing wrong?

My current config file is like this:

acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
acl SSL_ports port 443
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access deny all
https_port 9131 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid3/ssl/caCert.pem key=/etc/squid3/ssl/caKey.pem
ssl_bump server-first all
coredump_dir /var/spool/squid3
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
always_direct allow all

-M.
Received on Sat Dec 14 2013 - 18:20:39 MST
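
Added example, not part of the original post or of Squid itself: the config as posted uses Safe_ports in "http_access deny !Safe_ports" but contains no "acl Safe_ports" line. The Python check below reads squid.conf-style text in order and reports ACL names that an access rule references before any acl line defines them. The built-in ACL set, the list of directives checked and the function name are assumptions of this example.

```python
# Added example: report ACL names that access rules use before they are defined.
# Assumption: these four names are predefined by Squid 3.2 and later.
BUILTIN_ACLS = {"all", "manager", "localhost", "to_localhost"}
# Directives whose first argument is an action and the rest are ACL names.
ACCESS_DIRECTIVES = {"http_access", "ssl_bump", "always_direct"}

# The acl and access lines from the posted config, copied in the same order.
POSTED_CONFIG = """\
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
acl SSL_ports port 443
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access deny all
ssl_bump server-first all
always_direct allow all
"""


def undefined_acls(conf_text):
    """Return [(line_no, acl_name)] for ACLs referenced before being defined."""
    defined = set(BUILTIN_ACLS)
    missing = []
    for line_no, raw in enumerate(conf_text.splitlines(), 1):
        tokens = raw.split("#", 1)[0].split()  # drop trailing comments
        if len(tokens) < 2:
            continue
        directive, args = tokens[0], tokens[1:]
        if directive == "acl":
            defined.add(args[0])  # "acl NAME type values..."
        elif directive in ACCESS_DIRECTIVES:
            for name in args[1:]:  # args[0] is allow/deny/server-first
                name = name.lstrip("!")  # "!NAME" negates the ACL
                if name not in defined:
                    missing.append((line_no, name))
    return missing


if __name__ == "__main__":
    for line_no, name in undefined_acls(POSTED_CONFIG):
        print("line %d: ACL %r is used but not defined" % (line_no, name))
```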
