On 2014-07-05 01:51, winetbox wrote:
> http_port 3129 intercept now works well
> now I'm trying to do the same for https, but it doesn't work
> I put a new line in squid.conf
> https_port 3131 intercept
> # iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 443 -j REDIRECT --to-port 3131
> these don't work at all

Port 443 is more complicated as you have to decrypt the TLS traffic to
reach the HTTP inside it. That means ssl-bump feature needs configuring
if you are to handle the HTTP traffic inside the TLS encryption.

NP: The latest releases will wrap intercepted port 443 traffic in a
CONNECT provided you configure "ssl_bump none" for the relevant src or
dst IP. If this is sufficient for your needs it would be best, as you
avoid having to break the security encryption. Does require the latest
3.4 (or 3.HEAD) though.
Amos
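
A squid.conf fragment for the tunnel-only setup described in the reply above, added here as an example and not taken from the thread. It assumes a Squid 3.4 build with SSL support; the certificate path, the ACL name and the address range are placeholders.

```conf
# Port 80 interception, as already working in the thread
http_port 3129 intercept

# Port 443 interception. The port is marked ssl-bump so that ssl_bump rules
# apply to it; cert= is a placeholder path to a PEM file holding a
# certificate and its private key.
https_port 3131 intercept ssl-bump cert=/etc/squid/example-cert.pem

# Destinations whose TLS must stay intact (placeholder documentation range)
acl tunnel_dst dst 203.0.113.0/24

# "none": do not decrypt, pass the intercepted connection through as a tunnel
ssl_bump none tunnel_dst
```

The iptables REDIRECT rule from the original message stays as posted; only the https_port line and the ssl_bump rule are new.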