I have set up after along struggle a transparent proxy with squid, squidguard and privoxy. This works quite fine, surprisingly also for https sites. Unfortunately the performance is not too good, but I guess the man-in-the-middle attack is quite a lot of work for squid ;-). Before anyone is complaining: this is for my private network at home and this is more or less part of a project to set up a home router and learn a little bit of this stuff :-).
Anyway, here is the problem where I am stuck at the moment: as mentioned connection to most of the https sites works without problems, but I guess connection to sites with public key pinning (HSTS...?) gives me a SSL_ERROR_BAD_CERT_DOMAIN error in Firefox; here i can't add an exception for this site (e.g. in my case https://ubuntuusers.de/). After some googling it seems that there is no way that squid could "break" into this connection, so the question is: is there any way to exclude or bypass some sites so that the proxy is not used? I guess the difficulty may be the https here... Thanks a lot!!
_______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
