On Tue, Mar 12, 2013 at 03:59:27PM +0000, Stuart Henderson wrote:
> For 2.7 you must have the proxy configured specifically in your browser
> for this to work - the SSL interception features are only in 3.x, and
> the "server first" mode which works with transparent (a.k.a.
> interception) proxy needs 3.3.
>
> http://wiki.squid-cache.org/Features/BumpSslServerFirst
>
> (this mode dynamically generates server certificates on-the-fly and
> requires your CA certificate to be installed in browsers to avoid
> validation failure errors).

I had thought squid could get the original IP from the divert socket, or was reading from /dev/pf in the past, for this reason. So you mean to say that squid checks the HTTP header only?

jirib

