[squid-users] How do I handle SSL traffic in a transparent proxy setup

From: Tim Duncan <Tduncan@dont-contact.us>
Date: Wed, 5 Jul 2006 16:04:02 -0400

In a transparent proxy environment where I have no control over the
user's browser configuration settings, how do I handle requests for
https:// web sites. http:// sites are served up just fine, but https://
sites fail.

OS FreeBSD 6.1-STABLE

Squid Cache: Version 2.5.STABLE14
configure options: --bindir=/usr/local/sbin
--sysconfdir=/usr/local/etc/squid --datadir=/usr/local/etc/squid
--libexecdir=/usr/local/libexec/squid --localstatedir=/usr/local/squid
'--enable-removal-policies=lru heap' '--enable-auth=basic ntlm digest'
'--enable-basic-auth-helpers=NCSA PAM MSNT SMB winbind YP'
--enable-digest-auth-helpers=password
'--enable-external-acl-helpers=ip_user unix_group wbinfo_group
winbind_group' '--enable-ntlm-auth-helpers=SMB winbind'
'--enable-storeio=ufs diskd null' --enable-snmp --enable-underscores
--enable-pf-transparent --enable-ipf-transparent
--enable-default-err-language=English --prefix=/usr/local
i386-portbld-freebsd6.1

Ipfw list:
ipfw add fwd 127.0.0.1,3128 tcp from not me to any dst-port 80

Kernel has been recompiled with the following options:
device pf
options IPFIREWALL
options IPFIREWALL_VERBOSE
options IPFIREWALL_FORWARD
options IPFIREWALL_DEFAULT_TO_ACCEPT
options IPDIVERT

Thank You
Tim
Received on Wed Jul 05 2006 - 14:03:49 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Aug 01 2006 - 12:00:01 MDT