I reconfigured, adding "--with-nat-devpf" (squid-3.5.24 on FreeBSD 9.1).
This issue *has been resolved*
thanks to Amos Jeffries
The following is my squid version and configuration.
Squid Cache: Version 3.5.24-20170331-r14150
Service Name: squid
configure options: '--prefix=/usr/local/squid'
Test case 1:
I changed my squid setting (not using intercept mode):
http_port 3129 ssl-bump cert=/usr/local/squid/ssl_cert/myCA.pem generate-host-certificates=on dynamic_cert_mem_cache_size=4MB
Then the client web browser's proxy was set to 192.168.95.81:3129.
I also tested the following cases
test case 1:
add the following settings in squid.conf
acl bumpedPorts myportname 3129
http_access allow CONNECT bumpedPorts
Test results: SSL bump failed
1. No record in access.log
2. The web browser keeps waiting, with no response
On 06/07/2017 03:37 AM, Jason Chiu wrote:
> 1495699856.074 0 192.168.95.81 TCP_DENIED/200 0 CONNECT 127.0.0.1:3129
> *Which part of the settings needs to be adjusted?*
If that connection is really trying to connect to 127.0.0.1:3129 from
Squid's point of view, then your interception setup is
I had a FreeBSD 9.1 bridge (em0, em1) environment,
using "pf rdr to" to redirect HTTPS (port 443) packets to squid (squid 127.0.0.1:3129).
Squid *3.3.11* ssl bump is OK.
The following is the setting of squid 3.3.11
Squid Cache: Version 3.3.11-20140220-r12672
Configure options: '--prefix = / usr /