RE: [squid-users] SSL sites bypass authentication

Hi Amos,

You are right.

Will this work with transferring all the traffic to http port from iptables ?

Iptables -t nat -A PREROUTING -s 192.168.1.0/24 -p tcp --dport 80 -j REDIRECT --to-destination serverip:3128

And further checking the traffic in squid

Acl safe_ports port 443 # Secure port
http_access allow safe_ports

Thanks/regards,
Vishal Agarwal

-----Original Message-----
From: Amos Jeffries [mailto:squid3_at_treenet.co.nz]
Sent: Tuesday, March 20, 2012 11:11 AM
To: squid-users_at_squid-cache.org
Subject: Re: [squid-users] SSL sites bypass authentication

On 20/03/2012 5:26 p.m., Vishal Agarwal wrote:
> Hi,
>
> You require to deny the db_auto just after the allow statement (See below ). I hope that will work.

That should be meaningless: if logged in will allow, else if logged in
will deny.

Missing a '!' ?

The final diagnosis of this problem is that the traffic was not even
entering Squid. No amount of Squid config will cause it to respond to
packets which dont even arrive.

Amos
Received on Tue Mar 20 2012 - 05:31:02 MDT