-
> From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] On
> Behalf Of Vadim Rogoziansky
> Sent: Friday, 19 December 2014 11:29 PM
> To: squid-users@lists.squid-cache.org
> Subject: Re: [squid-users] Transparent proxy with Peek and Splice feature.
>
> Any ideas
Any ideas, any thoughts?
Thanks.
11/29/2014 6:17 AM, Amos Jeffries написав(ла):
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 28/11/2014 2:48 a.m., Vadim Rogoziansky wrote:
Hello Amos.
Thank you for answer.
There was made an investigation related to squid's peek and splice
issues in tran
Yeap, squid perfectly "splice" the destination domain after step1 or
step2 or step3 when the browser is set to use proxy directly.
But, it does not work in case of transparent proxy. Squid uses the
destination IP address instead of SNI details.
The example of using client IP address is below:
2
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 28/11/2014 2:48 a.m., Vadim Rogoziansky wrote:
> Hello Amos.
>
> Thank you for answer.
>
> There was made an investigation related to squid's peek and splice
> issues in transparent mode. One-line explanation is as follows - in
> intercept mode s
Hello Amos.
Thank you for answer.
There was made an investigation related to squid's peek and splice
issues in transparent mode.
One-line explanation is as follows - in intercept mode squid can't get a
server host name from the request header and uses clent IP address
instead for both fake ce
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 26/11/2014 7:22 a.m., Vadim Rogoziansky wrote:
> Hello All.
>
> My goal is to do ssl bumping in transparent proxy mode with domain
> exclude possibility. Let me tell you about squid's strange
> behaviour when I'm trying to do it.
>
> In browsers
Hello All.
My goal is to do ssl bumping in transparent proxy mode with domain
exclude possibility.
Let me tell you about squid's strange behaviour when I'm trying to do it.
In browsers it says something like this:
/This server could not prove that it is www.ukr.net; its security
certificate i
