[email protected] wrote:
hi all
i've tried to google around for this topic and to search the archives
the last 2 hours, but it seems, i'm not able to solve the problem.
my issue is this: i'm using a transparent proxy (squid 3.0) to
regulate internet access. my server (freebsd 7.2) is forwarding all
http AND https traffic to a squid (compiled with transparent option),
but using ipfw:
  add 15000 fwd 127.0.0.1,3128 tcp from table(10) to any 80,8080 recv xl0 keep-state
  add 15001 fwd 127.0.0.1,3129 tcp from table(10) to any 443 recv xl0 keep-state
squid is listening on 3128 for http and 3129 for https.
this works perfect and my users can surf normally the internet, also
websites with SSL are working (getting an error of the SSL, because
the certificate does not really match). but anyway.
i've attached my squid.conf for reference.
but anyway, testing apple updates -> no problem. trying to update
windows -> error.
i get error 0x80072F8F complaining about the date/time of the update
certificate.
is there a way to solve my problems? i've tried using no-cache,
allow_direct, etc.. and I failed.
-steven

Welcome to the world of security protection against man-in-middle
attacks (the correct name for 'transparent' interception proxy mode).
Windows Update requires an HTTPS authentication request to succeed before
it will update. The authenticator unconditionally verifies the security
certificates as all good browsers and web clients should also be doing.
... catch my drift?
Amos
--
Please be using
Current Stable Squid 2.7.STABLE6 or 3.0.STABLE15
Current Beta Squid 3.1.0.8 or 3.0.STABLE16-RC1