Hi, I'm planning to work on an ACL which uses SNI. But I need to pass HTTPS traffic through Squid without processing it. Because I'm not interested in filtering or seeing the content, SNI server_name info will be enough. But with Squid it is not possible to pass HTTPS traffic without processing it. In my design I won't use a proxy; the iptables rule below will redirect HTTPS traffic to Squid:

iptables -t nat -I PREROUTING -p tcp --dport 443 -j DNAT --to-destination 192.168.0.1:3128

Can you give me ideas on how to solve the above problem? And also, are you working on SNI filtering? Good day to you.