On 6/15/23 09:27, Ben Goz wrote:

> The https interception guide in this link:
> https://wiki.squid-cache.org/ConfigExamples/Intercept/SslBumpExplicit#squid-configuration-file
> is misleading

I agree. That page should not use the word "intercept" when talking about HTTP CONNECT inspection and bumping -- CONNECT requests are not (normally) intercepted. Pull requests improving documentation welcome!


> as it uses http_port for ssl-bump and not https_port.

Both directives support SslBump, but each works with a different kind of traffic.

Alex.


On Thursday, 15 June 2023 at 16:08, Alex Rousskov <rouss...@measurement-factory.com> wrote:

    On 6/15/23 07:31, Ben Goz wrote:

     > the tproxy configuration works perfectly using http without ssl,
     > But using ssl I'm getting in browser ssl error "ERR_SSL_PROTOCOL_ERROR"


     > http_port 0.0.0.0:3130 tproxy ...

    This http_port is for plain text HTTP interception. The configuration
    needs an https_port (note the "s") dedicated to TLS interception
    instead.


     > TPROXY     tcp  --  anywhere             anywhere             tcp dpt:https TPROXY redirect 0.0.0.0:3130 mark 0x1/0x1

    The above rule should redirect traffic to that https_port.


    HTH,

    Alex.

    _______________________________________________
    squid-users mailing list
    squid-users@lists.squid-cache.org
    <mailto:squid-users@lists.squid-cache.org>
    http://lists.squid-cache.org/listinfo/squid-users
    <http://lists.squid-cache.org/listinfo/squid-users>
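
An added example, not part of the original thread or of Squid: a Python check for the mismatch discussed above, where a TPROXY rule for port 443 points at an `http_port` rather than an `https_port`. Rule lines are assumed to be in `iptables -t mangle -S` format; port 3131, the certificate path and treating only destination port 443 as TLS are assumptions, and all sample input is constructed.

```python
import re

TLS_DPORTS = {443}  # assumption: only destination port 443 carries TLS

def parse_squid_ports(conf):
    """Map listening port -> (directive, options) for http_port/https_port lines."""
    ports = {}
    for line in conf.splitlines():
        fields = line.split("#", 1)[0].split()  # ignore comment lines
        if len(fields) >= 2 and fields[0] in ("http_port", "https_port"):
            port = int(fields[1].rsplit(":", 1)[-1])  # "3130" or "0.0.0.0:3130"
            ports[port] = (fields[0], fields[2:])
    return ports

def check_tproxy(conf, rules):
    """Return a finding for each TPROXY rule whose Squid port cannot take its traffic."""
    ports, findings = parse_squid_ports(conf), []
    for rule in rules.splitlines():
        dport = re.search(r"--dport (\d+)", rule)
        on_port = re.search(r"--on-port (\d+)", rule)
        if "-j TPROXY" not in rule or not (dport and on_port):
            continue
        dport, on_port = int(dport.group(1)), int(on_port.group(1))
        want = "https_port" if dport in TLS_DPORTS else "http_port"
        directive, opts = ports.get(on_port, (None, []))
        if directive is None:
            findings.append(f"dport {dport}: no Squid port listens on {on_port}")
        elif directive != want:
            findings.append(f"dport {dport}: {on_port} is declared with {directive}, needs {want}")
        elif "tproxy" not in opts:
            findings.append(f"dport {dport}: {want} {on_port} lacks the tproxy option")
    return findings

# Constructed samples. BROKEN mirrors the thread; FIXED adds a dedicated https_port.
CONF_BROKEN = "http_port 0.0.0.0:3130 tproxy\n"
RULES_BROKEN = "-A PREROUTING -p tcp -m tcp --dport 443 -j TPROXY --on-port 3130 --on-ip 0.0.0.0 --tproxy-mark 0x1/0x1\n"
CONF_FIXED = (  # the certificate path below is a placeholder
    "http_port 0.0.0.0:3130 tproxy\n"
    "https_port 0.0.0.0:3131 tproxy ssl-bump tls-cert=/etc/squid/example-ca.pem\n"
)
RULES_FIXED = (
    "-A PREROUTING -p tcp -m tcp --dport 80 -j TPROXY --on-port 3130 --on-ip 0.0.0.0 --tproxy-mark 0x1/0x1\n"
    "-A PREROUTING -p tcp -m tcp --dport 443 -j TPROXY --on-port 3131 --on-ip 0.0.0.0 --tproxy-mark 0x1/0x1\n"
)

if __name__ == "__main__":
    print(check_tproxy(CONF_BROKEN, RULES_BROKEN))
    print(check_tproxy(CONF_FIXED, RULES_FIXED))
```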

