Re: [squid-users] Using squid as transparent proxy causes problem with pages on https

From: Guy Helmer <guy.helmer_at_palisadesystems.com>
Date: Wed, 11 Apr 2012 08:10:20 -0500

On Apr 11, 2012, at 4:31 AM, Ahmed Talha Khan wrote:

> Hey,
>
> I have configured squid to act as a transparent proxy. i also want to
> bump the ssl connections. However i am unable to open the https
> pages.The browser keeps going in loops and says that the page isnt
> redirecting properly(firefox) or has redirect-loops(chrome).
>
> I then removed the ssl-bump configuration from the http_port
> definition but the problem still persists.
>
> My setup is like this. I have 2 linux boxes, one acting as the default
> gateway of the other. I am running squid on the 2nd box. All ip-table
> entries are good as http traffic is going along smoothly.
>
> Can anybody help. My conf file looks like this
>
>
> cache_effective_user talha
> always_direct allow all
> ssl_bump allow all
>
>
>
> # Squid normally listens to port 3128
> http_port 192.168.8.105:3128 transparent ssl-bump
> cert=/home/talha/squid/www.sample.com.pem
> key=/home/talha/squid/www.sample.com.pem
> https_port 192.168.8.105:3129 transparent ssl-bump
> cert=/home/talha/squid/www.sample.com.pem
> key=/home/talha/squid/www.sample.com.pem

I think it should be functional if your ip-tables rules are redirecting port 443 traffic to port 3129. However, you will get certificate errors because squid isn't capable of creating host-specific certificates for transparent HTTPS connections yet.

Guy--------
This message has been scanned by ComplianceSafe, powered by Palisade's PacketSure.
Received on Wed Apr 11 2012 - 13:10:36 MDT

This archive was generated by hypermail 2.2.0 : Wed Apr 11 2012 - 12:00:03 MDT