[squid-users] SSl Interception proxy

Hi, I've been trying to implement "transparent" proxy for secure https websites using ssl-bump server-first feature. Some websites will work properly with the running configuration, but some of them like hotmail (login.live.com) won't. What I've found interesting about that is if, for example, IE 7 is used it will be possible to use hotmail. If I try with Google Chrome or Firefox 20, a blank page will be shown when going through "www.hotmail.com". Some other sites like facebook won't display the images properly in the https front website. Am I missing something in the configuration? My iptables rules are the like below: iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 443 -j REDIRECT --to-port 3129 iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3130 My squid.conf file has the following: acl localhost src 127.0.0.1/32 ::1 acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1 visible_hostname linux-cyud.labviavarejo.br acl localnet src 10.0.0.0/8     # RFC1918 possible internal network acl localnet src 172.16.0.0/12  # RFC1918 possible internal network acl localnet src 192.168.0.0/16 # RFC1918 possible internal network acl localnet src fc00::/7       # RFC 4193 local private network range acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines acl SSL_ports port 443 acl Safe_ports port 80          # http acl Safe_ports port 21          # ftp acl Safe_ports port 443         # https acl Safe_ports port 70          # gopher acl Safe_ports port 210         # wais acl Safe_ports port 1025-65535  # unregistered ports acl Safe_ports port 280         # http-mgmt acl Safe_ports port 488         # gss-http acl Safe_ports port 591         # filemaker acl Safe_ports port 777         # multiling http acl CONNECT method CONNECT always_direct allow all ssl_bump server-first all #sslproxy_cert_error allow all #sslproxy_flags DONT_VERIFY_PEER sslcrtd_program /usr/sbin/ssl_crtd -d -s /usr/local/squid/var/lib/ssl_db -M 4MB sslcrtd_children 10 startup=5 idle=5 http_access allow localhost manager http_access deny manager http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access allow localnet http_access allow localhost http_access deny all http_port 3128 http_port 3130 intercept https_port 3129 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid/ssl_cert/CertificateSquid.pem refresh_pattern ^ftp:           1440    20%     10080 refresh_pattern ^gopher:        1440    0%      1440 refresh_pattern -i (/cgi-bin/|\?) 0     0%      0 refresh_pattern .               0       20%     4320 debug_options ALL,9 Best Regards, Alessandro
Received on Thu May 09 2013 - 14:42:31 MDT