> > On 17/07/2014 11:09 p.m., James Harper wrote: > > Is there any way of configuring squid to proxy any tcp traffic on any > > port? Obviously it can't filter on URL but can still filter on a few > > other things, including ident user and IP address. > > Devices that do that are commonly called firewalls or deep packet > inspection. >
True, but squid has the advantage of a very nice acl and permission infrastructure, rather than defining one set of rules for squid and another for iptables (which can't authenticate by identd afaik) Using a https_port with transparent and ssl_bump none works - all connections are just plumbed straight through. The only issue is when the destination port is unreachable - then squid returns an error page which is going to be completely unexpected by the client unless it is expecting http. I assume that's an issue when just using https_port for actual ssl too though. James
