Hello,
I'm using squid 2.6.STABLE6 on CentOS. I successfully configured squid
both as a transparent proxy and normal proxy that's working fine on
http and https in normal mode, but on transparent mode https is a
challenge.

    http_port 3128
    http_port 3129 transparent

I'm redirecting with iptables like this:

    iptables -t nat -A PREROUTING -i eth0 -p tcp -d ! 10.0.0.0/8 --dport 80 -m mark --mark 0x0 -j REDIRECT --to-port 3129

I have 2 types of clients, that are accessing internet through squid
or directly.
How can I bypass squid for https traffic ONLY for squid users?
I tried like this:

    iptables -t nat -A PREROUTING -i eth0 -p tcp -d ! 10.0.0.0/8 --dport 443 -m mark --mark 0x0 -j REDIRECT --to-port 3129

but it gives:

2008/03/22 16:54:41| parseHttpRequest: Requestheader contains NULL characters
2008/03/22 16:54:41| parseHttpRequest: Unsupported method ''
2008/03/22 16:54:41| clientReadRequest: FD 19 (10.x.x.3:1104) Invalid Request

I think that I can make iptables rules for every IP in squid for
allowing direct https, but I want to avoid this.
Is squid 3 capable through ssl bump for allowing https traffic without
breaking the certificate? Or at least without notifying the user.
Thank you!
Received on Sat Mar 22 2008 - 09:23:07 MDT
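
Added example, not part of the original post and not Squid code: traffic redirected from port 443 begins with a binary TLS handshake record rather than an HTTP request line, which is consistent with the "NULL characters" and "Unsupported method ''" log lines quoted above. The sample ClientHello is constructed, and the function names are hypothetical.

```python
import struct

HTTP_METHODS = (b"GET", b"POST", b"HEAD", b"PUT", b"DELETE",
                b"OPTIONS", b"CONNECT", b"TRACE")

def build_sample_client_hello():
    """Constructed, minimal TLS 1.0 ClientHello (sample data, not a capture)."""
    body = (
        b"\x03\x01"              # client_version: TLS 1.0
        + bytes(range(32))       # random field (fixed, constructed bytes)
        + b"\x00"                # session_id length 0
        + b"\x00\x02\x00\x2f"    # one cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA
        + b"\x01\x00"            # one compression method: null
    )
    # Handshake header: type 1 (ClientHello) + 24-bit body length
    handshake = b"\x01" + struct.pack(">I", len(body))[1:] + body
    # Record header: type 0x16 (handshake), version 3.1, 16-bit length
    return b"\x16\x03\x01" + struct.pack(">H", len(handshake)) + handshake

def classify_first_bytes(data):
    """Return 'tls', 'http' or 'unknown' for the first bytes a client sent."""
    # TLS record: content type 0x16, major version 3, handshake type 1 at offset 5
    if len(data) >= 6 and data[0] == 0x16 and data[1] == 0x03 and data[5] == 0x01:
        return "tls"
    if data.split(b" ", 1)[0] in HTTP_METHODS:
        return "http"
    return "unknown"

def http_parser_view(data):
    """What a plain-HTTP request parser has to work with in these bytes."""
    return {
        "has_nul": b"\x00" in data,                             # NUL bytes in the "header"
        "method_found": data.split(b" ", 1)[0] in HTTP_METHODS,  # recognisable method token
    }

if __name__ == "__main__":
    samples = {
        "port 80 client": b"GET / HTTP/1.0\r\nHost: example.com\r\n\r\n",
        "port 443 client": build_sample_client_hello(),
    }
    for name, data in samples.items():
        print(name, classify_first_bytes(data), http_parser_view(data))
```
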