Dear
I would like to use Squid 3.3x in transparent SSL mode (in order to build a
kind of HotSpot system).
My issue is:
"Squid forces a bump of all websites and changes the certificate even though an ACL is
created to deny bumping websites."
I would like to know whether it is possible to do that.
I have set this in squid.conf:
# --------- SSL Listen Port
https_port 192.168.1.204:3130 intercept ssl-bump cert=/etc/squid3/ssl/cacert.pem key= /etc/squid3/ssl/privkey.pem
# --------- SSL Rules
ssl_bump deny all
always_direct allow all
-A PREROUTING -p tcp -m tcp --dport 3128 -j DROP
-A PREROUTING -p tcp -m tcp --dport 3130 -j DROP
-A PREROUTING -s 192.168.1.204/32 -p tcp -m tcp --dport 80 -j ACCEPT
-A PREROUTING -s 192.168.1.204/32 -p tcp -m tcp --dport 443 -j ACCEPT
-A PREROUTING -s 192.168.0.4/32 -p tcp -m tcp --dport 80 -j ACCEPT
-A PREROUTING -s 192.168.0.4/32 -p tcp -m tcp --dport 443 -j ACCEPT
-A PREROUTING -p tcp -m tcp --dport 80 -m comment --to-ports 3128
-A PREROUTING -p tcp -m tcp --dport 443 -m comment -j REDIRECT --to-ports 3130
-A POSTROUTING -m comment -j MASQUERADE
Received on Tue Mar 12 2013 - 19:01:03 MDT