Re: [squid-users] https with squid

From: Guy Helmer <ghelmer_at_palisadesys.com>
Date: Thu, 14 Aug 2008 09:37:47 -0500

What I have done to transparently proxy HTTPS is to configure an
https_port, like

https_port 127.0.0.1:3129 transparent cert=/usr/local/etc/squid/CA-priv+pub.pem

and use my packet filter rules to forward port 443 traffic to the
https_port. The http_port can not understand the SSL handshake, so
squid complains that there was an unsupported request method.

Hope this helps,
Guy

Ismail OZATAY wrote:
> Hello all,
>
> I am sorry, maybe you have seen lots of questions like these, but I have
> already searched the archive and could not fix my problem. I am using
> squid-2.6.STABLE18p0 with OpenBSD 4.3. I can not use https as
> transparent proxy like http. I redirected http and https traffic to
> squid. http works properly. This is the error log from access.log -->
> TCP_DENIED/400 1558 NONE error:unsupported-request-method - NONE/-
> text/html
>
> squid.conf
> ********
>
> http_port 127.0.0.1:3128 transparent
>
> acl localhost src 127.0.0.1
> follow_x_forwarded_for allow localhost
>
> hierarchy_stoplist cgi-bin ?
>
> acl QUERY urlpath_regex cgi-bin \?
> cache deny QUERY
>
> acl apache rep_header Server ^Apache
> broken_vary_encoding allow apache
>
> cache_dir null /null
> access_log /var/squid/logs/access.log squid
>
> refresh_pattern ^ftp: 1440 20% 10080
> refresh_pattern ^gopher: 1440 0% 1440
> refresh_pattern . 0 20% 4320
>
> acl all src 0.0.0.0/0.0.0.0
> acl manager proto cache_object
> acl localhost src 127.0.0.1/255.255.255.255
> acl to_localhost dst 127.0.0.0/8
> acl Safe_ports port 80
> acl Safe_ports port 443
> acl CONNECT method CONNECT
> http_access allow manager localhost
> http_access deny manager
> http_access allow CONNECT
> http_access deny !Safe_ports
>
> #####################################################################
>
> acl adminip src "/etc/squid/kurallar/adminip"
> acl yasakip src "/etc/squid/kurallar/yasakip"
> acl guvenli_siteler dstdomain "/etc/squid/kurallar/guvenli_siteler"
> acl ic_network src "/etc/squid/kurallar/ic_network"
>
> acl msn1 urlpath_regex -i gateway.dll
> acl msn2 dstdomain webmessenger.msn.com
> acl msn3 req_mime_type ^application/x-msn-messenger$
>
> acl global_ip src "/etc/squid/kurallar/global_ip"
> acl global_dstdom dstdomain "/etc/squid/kurallar/global_dstdom"
> acl global_mime rep_mime_type -i "/etc/squid/kurallar/global_mime"
> acl global_ext urlpath_regex "/etc/squid/kurallar/global_ext"
>
> http_access deny yasakip
> http_access allow adminip
>
> http_access allow global_ip guvenli_siteler
> http_access deny global_ip global_dstdom
> http_reply_access deny global_ip global_mime
> http_access deny global_ip global_ext
>
> http_access allow ic_network
> http_access deny all
>
> ######################################################################
> http_reply_access allow all
> icp_access allow all
>
> coredump_dir /var/spool/squid
>
> #deny_info EXT_ERROR global_ext
> #deny_info DSTDOM_ERROR global_dstdom
>
>
> How can I fix it?
>
> Thanks
>
> ismail

-- 
Guy Helmer, Ph.D.
Chief System Architect
Palisade Systems, Inc.
Received on Thu Aug 14 2008 - 14:37:54 MDT
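
The access.log signature quoted in this thread (a 400 denial with method NONE and URL error:unsupported-request-method) is what Squid records when bytes that are not HTTP, such as a redirected port 443 handshake, arrive on a plain http_port. The following is an added example, not code from either poster or from the Squid project; it assumes Squid's native access.log layout, and the sample lines and addresses are constructed.

```python
from collections import Counter

# Constructed sample lines in Squid's native access.log layout (assumed):
# time elapsed client result/status bytes method URL ident hierarchy type
SAMPLE_LOG = """\
1218724667.101     12 192.168.1.10 TCP_DENIED/400 1558 NONE error:unsupported-request-method - NONE/- text/html
1218724667.480    210 192.168.1.10 TCP_MISS/200 4312 GET http://example.com/ - DIRECT/192.0.2.10 text/html
1218724668.002      9 192.168.1.22 TCP_DENIED/400 1558 NONE error:unsupported-request-method - NONE/- text/html
1218724668.950      8 192.168.1.10 TCP_DENIED/400 1558 NONE error:unsupported-request-method - NONE/- text/html
1218724669.300     15 192.168.1.31 TCP_DENIED/403 1420 GET http://blocked.example/ - NONE/- text/html
this line is truncated
"""

def parse_line(line):
    """Split one native-format line into a dict, or return None if malformed."""
    fields = line.split()
    if len(fields) < 10 or "/" not in fields[3]:
        return None
    result, _, status = fields[3].partition("/")
    return {"client": fields[2], "result": result, "status": status,
            "method": fields[5], "url": fields[6]}

def is_unparsed_request(entry):
    """True for the signature from the post: a 400 denial with no method parsed."""
    return (entry["result"] == "TCP_DENIED" and entry["status"] == "400"
            and entry["method"] == "NONE"
            and entry["url"] == "error:unsupported-request-method")

def clients_hitting_plain_port(log_text):
    """Count, per client address, requests Squid could not parse as HTTP."""
    hits = Counter()
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry and is_unparsed_request(entry):
            hits[entry["client"]] += 1
    return hits

if __name__ == "__main__":
    for client, count in clients_hitting_plain_port(SAMPLE_LOG).most_common():
        print(f"{client}: {count} unparsable request(s), check 443 redirect target")
```

A nonzero count for a client after the packet filter change means its port 443 traffic is still landing on the http_port rather than the https_port.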
