[squid-users] Bypass bumping all websites in SSL transparent mode

From: David Touzeau <david_at_articatech.com>
Date: Tue, 12 Mar 2013 20:00:34 +0100

Dear

I would like to use Squid 3.3x in transparent SSL mode (in order to build a
kind of HotSpot system).
My issue is:

"Squid forces bumping of all websites and changes the certificate even when an
ACL is created to deny bumping websites."

I would like to know if it is possible to do that?

I have set this in the squid.conf

# --------- SSL Listen Port
https_port 192.168.1.204:3130 intercept ssl-bump cert=/etc/squid3/ssl/cacert.pem key=/etc/squid3/ssl/privkey.pem
# --------- SSL Rules
ssl_bump deny all
always_direct allow all

-A PREROUTING -p tcp -m tcp --dport 3128 -j DROP
-A PREROUTING -p tcp -m tcp --dport 3130 -j DROP
-A PREROUTING -s 192.168.1.204/32 -p tcp -m tcp --dport 80 -j ACCEPT
-A PREROUTING -s 192.168.1.204/32 -p tcp -m tcp --dport 443 -j ACCEPT
-A PREROUTING -s 192.168.0.4/32 -p tcp -m tcp --dport 80 -j ACCEPT
-A PREROUTING -s 192.168.0.4/32 -p tcp -m tcp --dport 443 -j ACCEPT
-A PREROUTING -p tcp -m tcp --dport 80 -m comment --to-ports 3128
-A PREROUTING -p tcp -m tcp --dport 443 -m comment -j REDIRECT --to-ports 3130
-A POSTROUTING -m comment -j MASQUERADE
Received on Tue Mar 12 2013 - 19:01:03 MDT

This archive was generated by hypermail 2.2.0 : Sat Mar 16 2013 - 12:00:05 MDT