On 21.06.2012 11:14, Romain wrote:
> Hi,
>
> I'm using squid-3.1.19 and i would like to setup a https l7 split in
> transparent mode. The configuration seems relatively easy and there
> is no problem to catch the https request with iptables and forward it
> to
> the squid. (https_port 3130 intercept cert=... key=...)
>
> But after that squid try to retrieve the page in http not in https...
> Is it possible to keep the protocol throughout the request ?
It would seem so... but that forces a single certificate to be shared
by every domain in existence. Your clients will pop up invalid
certificate warnings on almost every single HTTP request.
You require the dynamic certificate generation feature of Squid-3.2 to
avoid those popups.
This patch is also needs to be applied to the current 3.2 snapshot, it
should be in tomorrows one.
http://www.squid-cache.org/Versions/v3/3.2/changesets/squid-3.2-11599.patch
Amos
Received on Thu Jun 21 2012 - 00:43:35 MDT
This archive was generated by hypermail 2.2.0 : Fri Jun 22 2012 - 12:00:03 MDT