Re: [squid-users] SSL sites bypass authentication

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Wed, 21 Mar 2012 01:50:32 +1300

On 20/03/2012 6:31 p.m., Vishal Agarwal wrote:
> Hi Amos,
>
> You are right.
>
> Will this work with transferring all the traffic to http port from iptables ?
>
> Iptables -t nat -A PREROUTING -s 192.168.1.0/24 -p tcp --dport 80 -j REDIRECT --to-destination serverip:3128

REDIRECT takes a port, and assigns the traffic to the box's primary IP at
that port. If you want to specify a particular IP:port, use DNAT.

However, port-443 traffic does not flow over port-80 and is a very
different beasty for intercept to deal with considering all that TLS armour.

Amos
Received on Tue Mar 20 2012 - 12:50:38 MDT
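
The REDIRECT/DNAT distinction from the reply above, as an added example that is not part of the original message: a helper that prints (does not apply) the matching NAT rule for port-80 traffic. The function name intercept_rule and the address 192.0.2.10 are assumptions made for illustration; the source network and port 3128 are taken from the thread.

```shell
#!/bin/sh
# Added example: builds the iptables NAT rule as text so it can be reviewed
# before anyone runs it as root. Nothing here touches the firewall.

# intercept_rule SRC_NET PROXY_PORT [PROXY_IP]
#   no PROXY_IP -> REDIRECT: traffic lands on this box's primary IP at PROXY_PORT
#   PROXY_IP    -> DNAT: traffic is sent to exactly PROXY_IP:PROXY_PORT
intercept_rule() {
    src=$1
    port=$2
    ip=${3:-}
    # A value such as "serverip:3128" is not a port; REDIRECT cannot take an IP.
    case $port in
        ''|*[!0-9]*) echo "invalid port: $port" >&2; return 1 ;;
    esac
    base="iptables -t nat -A PREROUTING -s $src -p tcp --dport 80"
    if [ -z "$ip" ]; then
        echo "$base -j REDIRECT --to-ports $port"
    else
        echo "$base -j DNAT --to-destination $ip:$port"
    fi
}

# Port only: REDIRECT. Explicit IP:port (192.0.2.10 is a constructed value): DNAT.
intercept_rule 192.168.1.0/24 3128
intercept_rule 192.168.1.0/24 3128 192.0.2.10
```

Both rules match only --dport 80; as the reply says, port-443 traffic does not flow over port 80 and is not covered by them.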
