[squid-users] Squid transparent proxy woes

From: Ali Jawad <alijawad1_at_gmail.com>
Date: Sun, 23 Dec 2012 22:37:20 +0200

Hi
I am trying to set up a transparent proxy for my own use which I can
use to access geo-blocked services. I have tried with 3.1.10 and
3.3.0.1 and I am facing different problems in both cases. Let me first
describe the network setup

my lan -- GW--- Internet Dedicated Server-- Destination sites

I do point to the sites I want to access using DNS, i.e. I set up site
xyz.com to point to my DNS server on my local LAN. This did work fine
on 3.1.10 but not with SSL; I was advised to use the latest Squid, however
on the latest Squid I am facing different problems as neither 80 nor 443
is working. I am using http_access allow all for testing purposes.

First Case
Squid on a dedicated server CentOS 6, Squid version 3.1.0
Squid is the default repo install in this case

For http traffic this works just fine, however for https traffic, once
I get the SSL security error page in the browser, the traffic leaves
the squid server in http, which causes the destination site to redirect
to https; however, the squid server then sends the traffic again in http
instead of https, and this causes a loop and the browser throws
the related error.

Second Case
Squid on a dedicated server CentOS 6, Squid version 3.3.0.1
Squid Cache: Version 3.3.0.1
configure options: '--enable-ssl' '--prefix=/usr/local/squid2'
'--with-large-files' '--enable-linux-netfilter'
--enable-ltdl-convenience

As said, I am allowing all traffic using the same config as above;
both http and https traffic give access denied errors in the
browser, the logs however only show miss and not denied.

The relevant lines of the config are :

http_port 0.0.0.0:8128
http_port 0.0.0.0:880 transparent
https_port 0.0.0.0:8443 transparent ssl-bump cert=/etc/squid/proxy.example.com.cert key=/etc/squid/proxy.example.com.key

and iptables looks as follows :

REDIRECT tcp -- 0.0.0.0/0 xx.xx.xx.xx tcp dpt:443 redir ports 8443
REDIRECT tcp -- 0.0.0.0/0 xx.xx.xx.xx tcp dpt:80 redir ports 880

I am at the end of my wits here, please advise.

Regards
Received on Sun Dec 23 2012 - 20:37:47 MST
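As an added example, not part of the thread or of Squid itself: a small Python checker that cross-references the iptables REDIRECT rules against the squid.conf port lines in the post above and reports what a reviewer of this setup would ask about (the deprecated 'transparent' keyword, an ssl-bump port without dynamic certificate generation, no ssl_bump rule, and http_access allow all on an Internet-facing box). The sample input is constructed from the post with placeholder addresses; the option names checked (intercept, ssl-bump, generate-host-certificates, ssl_bump) are Squid 3.x port and directive names.

```python
import re

# Constructed sample input in the shape shown in the post above (the addresses
# are placeholders); the https_port line is unwrapped as it is in squid.conf.
SQUID_CONF = """\
http_port 0.0.0.0:8128
http_port 0.0.0.0:880 transparent
https_port 0.0.0.0:8443 transparent ssl-bump cert=/etc/squid/proxy.example.com.cert key=/etc/squid/proxy.example.com.key
http_access allow all
"""
IPTABLES_NAT = """\
REDIRECT  tcp  --  0.0.0.0/0  xx.xx.xx.xx  tcp dpt:443 redir ports 8443
REDIRECT  tcp  --  0.0.0.0/0  xx.xx.xx.xx  tcp dpt:80 redir ports 880
"""
# "*_port [addr:]port [options...]" and "REDIRECT ... dpt:N redir ports M"
PORT_RE = re.compile(r"^(https?_port)\s+(?:\S+:)?(\d+)[ \t]*(.*)$", re.M)
REDIR_RE = re.compile(r"^REDIRECT\s+tcp\b.*\bdpt:(\d+)\s+redir ports (\d+)", re.M)

def squid_ports(conf):
    """Map each listening port to (directive, set of port options)."""
    return {int(p): (d, set(o.split())) for d, p, o in PORT_RE.findall(conf)}

def nat_redirects(nat):
    """Map each original destination port to the port iptables sends it to."""
    return {int(a): int(b) for a, b in REDIR_RE.findall(nat)}

def audit(conf, nat):
    """Cross-check the NAT rules against squid.conf; an empty list means consistent."""
    findings, ports = [], squid_ports(conf)
    for dst, target in nat_redirects(nat).items():
        if target not in ports:
            findings.append(f"dpt:{dst} -> {target}: no *_port line listens on {target}")
            continue
        directive, opts = ports[target]
        if "transparent" in opts:  # renamed to 'intercept' in 3.1, alias still accepted
            findings.append(f"port {target}: 'transparent' is a deprecated alias of 'intercept'")
        elif "intercept" not in opts:
            findings.append(f"port {target}: receives redirected traffic but is not an intercept port")
        if dst == 443:
            if directive != "https_port" or "ssl-bump" not in opts:
                findings.append(f"port {target}: intercepted 443 needs https_port with ssl-bump")
            if not {"generate-host-certificates", "generate-host-certificates=on"} & opts:
                findings.append(f"port {target}: static cert only, every site shows a name mismatch")
    if re.search(r"^http_access\s+allow\s+all\b", conf, re.M):
        findings.append("http_access allow all: proxy is open to anyone who can reach it")
    if "ssl-bump" in conf and not re.search(r"^ssl_bump\b", conf, re.M):
        findings.append("ssl-bump port but no ssl_bump rule saying which connections to bump")
    return findings
```

Run `audit(SQUID_CONF, IPTABLES_NAT)` to get the findings for the posted configuration; feed it the real `squid.conf` text and `iptables -t nat -L -n` output to check your own.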
