I have a Squid Cache: Version 3.4.3 this --enable-ssl --enable-ssl-crtd
In squid.conf:
http_port 3128 transparent
https_port 3129 transparent ssl-bump key=/etc/squid3/ssl/privkey.pem
cert=/etc/squid3/ssl/newcert.pem
ssl_bump client-first all
sslproxy_flags DONT_VERIFY_PEER
acl to_sniff dstdom_regex .com$
cache_peer 192.168.56.100 parent 8888 0 no-query no-digest name=peer1
cache_peer_access peer1 allow to_sniff
cache_peer_access peer1 deny all
Iptables rules:
iptables -t nat -A PREROUTING -s 192.168.56.42 -p tcp --dport 80 -j
REDIRECT --to-port 3128
iptables -t nat -A PREROUTING -s 192.168.56.42 -p tcp --dport 443 -j
REDIRECT --to-port 3129
HTTP traffic is successfuly go to the cache_peer, but HTTPS don't send
any request to the cache_peer.
If we disable "acl to_sniff dstdom_regex .com$" ssl_bump work fine. No
errors in the log file.
Why HTTPS don't send any request to the cache_peer?
Received on Fri Mar 07 2014 - 20:04:16 MST
This archive was generated by hypermail 2.2.0 : Sat Mar 08 2014 - 12:00:05 MST