On 7/03/2013 2:03 a.m., Amm wrote:
> ----- Original Message -----
>> From: Amos Jeffries
>>
>> On 6/03/2013 1:40 p.m., Alex Rousskov wrote:
>>> On 03/05/2013 03:09 AM, Amos Jeffries wrote:
>>>
>>>
>>>> Squid tunnel functionality requires a CONNECT wrapper to generate
>>>> outgoing connections.
>>>> It is not yet setup to do the raw-TCP type of bypass the intercepted
>>>> traffic would require.
>>> Are you sure? IIRC, "ssl_bump none" tunneling code works for
>> intercepted
>>> connections, and that is what we claim in squid.conf:
>> Hmm. Yes I see the code now.
>>
>> Looks like it should work form IPv4 but IPv6 intercepted HTTPS might be
>> missing the [] around the IP.
>>
>> Amos
>>
> I just tried 443 port interception with sslbump and is working perfectly.
>
> If sslbump none applies for request then it passes requests as is:
> Log shows something like this:
>
> 1362574305.069 90590 192.168.1.1 TCP_MISS/200 3600 CONNECT 23.63.101.48:443 - HIER_DIRECT/23.63.101.48 -
>
>
> if sslbump server-first applied for request then log shows:
> 1362574001.569 294 192.168.1.1 TCP_MISS/200 515 GET https://mail.google.com/mail/images/c.gif? - PINNED/2404:6800:4009:801::1015 image/gif
>
> (Note: URL may not be same in both cases, these are just example)
>
> I dont have IPv6, why is it showing IPv6 address, in 2nd case?
Because you *do* have IPv6, or at least the Squid box does. And Squid is
using it successfully to contact the upstream web server.
Amos
Received on Wed Mar 06 2013 - 22:41:30 MST
This archive was generated by hypermail 2.2.0 : Thu Mar 07 2013 - 12:00:04 MST