Re: [squid-users] RE: : [squid-users] Squid and SSL interception (ssl-bump)

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Thu, 01 Nov 2012 12:19:26 +1300

> ----------------------------------------
>> Date: Thu, 1 Nov 2012 00:59:15 +0800
>> From: ammdispose-squid
>>
>> ------------------------------
>> On Wed 31 Oct, 2012 9:03 PM IST Heinrich Hirtzel wrote:
>>
>> >http_port 10.0.1.1.:3128 intercept
>> >https_port 10.0.1.1.:443 ssl-bump
>> cert=/user/local/squid3/ssl_cert/myCA.pm
>> >
>>
>> you have forgotten intercept on https line
>>
>> Amm

On 01.11.2012 06:07, Heinrich Hirtzel wrote:
>> you have forgotten intercept on https line
>>
>> Amm
> Already tired that before, doesn't work either.

You are intercepting packets. That option is required on the port.

  - instructs Squid to lookup the NAT table and find TCP details from
before REDIRECT erased things in the packet.
  - instructs Squid the URL is a partial and to lookup the Host: HTTP
header to find the domain;port details.

Any errors after adding intercept flag properly will be due to some
other problem than URL "/" being received. Which is the only problem you
have described so far (other than "dont work", "doesnt work either"
which I assume are all the same error message appearing due to URL
parsing being one of the very first things Squid does for new traffic).

Amos
Received on Wed Oct 31 2012 - 23:19:30 MDT

This archive was generated by hypermail 2.2.0 : Thu Nov 01 2012 - 12:00:05 MDT