RE: [squid-users] squid 3.2.0.17 + transparent + sslbump

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Wed, 18 Apr 2012 10:42:18 +1200

On 17.04.2012 22:26, Daniel Niasoff wrote:
> I suppose so.
>
> Was hoping for a more "magical" solution that would just work.

You are talking about a cross-ASN problem. Past the consumer CPE
devices is a whole other network scope, which just happens to be
(probably) single-homed through yours.

Government proxy farms and "great firewall" setups face the same
problem with internal ISP networks. IETF HTTP WG is considering the
problem, but there is nothing today which solves it magically.

Amos

>
>
> -----Original Message-----
> From: Amos Jeffries [mailto:squid3_at_treenet.co.nz]
> Sent: 17 April 2012 11:21
> To: squid-users_at_squid-cache.org
> Subject: Re: [squid-users] squid 3.2.0.17 + transparent + sslbump
>
> On 17/04/2012 10:16 p.m., Daniel Niasoff wrote:
>> Thanks Ahmed,
>>
>> That worked, well sort of anyway.
>>
>> Squid is now successfully transparently intercepting SSL but as
>> stated on the wiki, certificate rewrite doesn't work.
>>
>> So I guess the only real solution is explicit proxy.
>>
>> I tried to play around with WPAD + PAC but that is only useful when
>> PCs are on a corporate network with centrally managed DNS/DHCP.
>>
>> My clients are home users with their own broadband routers which
>> manage their own DHCP.
>>
>> So any ideas what I can do if I want to set up a proxy service for
>> SSL with minimum effort required from users and no control of DHCP?
>
> You can publish the details of your proxy and PAC file, encouraging
> them to make use of it for faster Internet.
>
> Amos
Received on Tue Apr 17 2012 - 22:42:23 MDT