Hello Eliezer, thank you for your response.
I have examined the wireshark pcap of this transaction and will now provide
a more detailed run-through of what's going on. As a summary, the problem is
related to SSL; basically what's going on is I am requesting an SSL page,
the and the ICAP server is
Basically the main issue is that you actually change the request instead
of redirecting.
You should use a 302 redirect full response for the request that will
result the client accessing the 192.168.1.145:8089 server by itself.
ELiezer
On 08/19/2014 03:07 AM, agent_js03 wrote:
ICAP/1.0 200
Hello again eliezer,
I have decided to do what you said before and set the code to 302 instead of
200 and now the block page works perfectly. All problems are solved.
--
View this message in context:
What are the iptables rules for that?
Also look at:
http://wiki.squid-cache.org/EliezerCroitoru/Drafts/SSLBUMP
I recompiled to 3.4.6
and ran everything in your page there.
squid started correctly.
However, it is the same problem. Any https page that I had configured
does not resolve. It is
Hey,
What is the full ICAP server request and response?
You need to use a 302 redirect for what you want to work.
Eliezer
On 08/15/2014 02:32 PM, agent_js03 wrote:
I upgraded to squid 3.3.8 with the same config and iptables and everything
now works. I guess intercept just doesn't work with
I upgraded to squid 3.3.8 with the same config and iptables and everything
now works. I guess intercept just doesn't work with squid 3.2. However now I
am having a different issue. I am running a content filter that interfaces
with squid through ICAP. I have a blockpage running on the same box at
This doesn't work for me either. Here is my updated squid conf:
/http_port 3128
http_port 3129 intercept
https_port 3130 intercept ssl-bump generate-host-certificates=on
dynamic_cert_mem_cache_size=4MB key=/etc/squid3/ssl/private.pem
cert=/etc/squid3/ssl/public.pem
always_direct allow all
What are the iptables rules for that?
Also look at:
http://wiki.squid-cache.org/EliezerCroitoru/Drafts/SSLBUMP
Eliezer
On 08/14/2014 09:32 AM, agent_js03 wrote:
This doesn't work for me either. Here is my updated squid conf:
/http_port 3128
http_port 3129 intercept
https_port 3130 intercept
Awesome, so if I change my squid.conf accordingly, do I redirect all traffic
to port 3128 or do I redirect http to 3129 and https to 3130 accordingly?
--
View this message in context:
On 8/13/2014 12:52 PM, agent_js03 wrote:
Awesome, so if I change my squid.conf accordingly, do I redirect all traffic
to port 3128 or do I redirect http to 3129 and https to 3130 accordingly?
--
View this message in context:
10 matches
Mail list logo
