Hello,

I am trying to configure a Squid (v3.1.11) proxy for SSL connections between hosts on the LAN and servers on the internet. The traffic is routed through the host on which Squid runs, and iptables is used to redirect traffic to ports 80 and 443 to ports 3128 and 3130, respectively. Simple HTTP caching works well: the first attempt is a miss and subsequent ones are hits. For HTTPS, however, there are no hits, only misses, even though the requested page is in Squid's cache. I would greatly appreciate any help.

The Squid configuration is based on the default file, with the following modifications (I understand that some of these are security risks, but currently it is in a testing environment and the only goal is to make it work):

http_port 3128 intercept
https_port 3130 intercept ssl-bump cert=/etc/certs/beta-srv.crt key=/etc/certs/beta-srv.key
always_direct allow all
ssl_bump allow all
sslproxy_cert_error allow all

The log entry when a client attempts to retrieve a page from a server:

Jan 2 23:51:10 beta squid: 1325573470.788 25 192.168.10.2 TCP_MISS/200 388 GET https://192.168.11.2/ - DIRECT/192.168.11.2 text/html

The cache file (the garbled part at the beginning is left out):

https://192.168.11.2/^@HTTP/1.1 200 OK^M
Date: Sat, 07 Jan 2012 21:22:42 GMT^M
Server: Apache/2.2.15 (Unix) DAV/2 mod_ssl/2.2.15 OpenSSL/1.0.0d^M
Last-Modified: Fri, 06 Jan 2012 16:25:09 GMT^M
ETag: "10d-31-4b5de7e0d2340"^M
Accept-Ranges: bytes^M
Content-Length: 49^M
Keep-Alive: timeout=5, max=100^M
Connection: Keep-Alive^M
Content-Type: text/html^M
^M
<html><body><h1>It is secure!</h1></body></html>

Please let me know if some other information would be useful.

Best,

Damir
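A small log-analysis script, added here as an illustration and not part of the original post or of Squid: it parses Squid's native access.log format (the field layout of the log line quoted above, with or without the syslog prefix) and reports hit/miss counts per URL scheme, so the "HTTPS never hits" symptom can be confirmed across a whole log rather than by eye. The sample lines are constructed; only the first one is the line from the post.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample in Squid's native access.log layout: timestamp, elapsed ms,
# client, result/status, bytes, method, URL, ident, hierarchy/peer, content type.
# The first line is the one from the post (syslog prefix included); the rest are made up.
SAMPLE_LOG = """\
Jan 2 23:51:10 beta squid: 1325573470.788 25 192.168.10.2 TCP_MISS/200 388 GET https://192.168.11.2/ - DIRECT/192.168.11.2 text/html
1325573480.101     12 192.168.10.2 TCP_MISS/200 388 GET https://192.168.11.2/ - DIRECT/192.168.11.2 text/html
1325573490.200      3 192.168.10.2 TCP_MISS/200 420 GET http://192.168.11.2/ - DIRECT/192.168.11.2 text/html
1325573495.300      0 192.168.10.2 TCP_HIT/200 420 GET http://192.168.11.2/ - NONE/- text/html
1325573499.400      0 192.168.10.2 TCP_MEM_HIT/200 420 GET http://192.168.11.2/ - NONE/- text/html
"""

# Native format fields; search (not match) so an optional syslog prefix is skipped.
LINE_RE = re.compile(
    r"(?P<ts>\d+\.\d+)\s+(?P<elapsed>\d+)\s+(?P<client>\S+)\s+"
    r"(?P<result>[A-Z_]+)/(?P<status>\d{3})\s+(?P<bytes>\d+)\s+"
    r"(?P<method>\S+)\s+(?P<url>\S+)\s+(?P<ident>\S+)\s+"
    r"(?P<hier>\S+)/(?P<peer>\S+)\s+(?P<ctype>\S+)\s*$"
)


def parse_line(line):
    """Parse one access.log line into a dict (plus the URL scheme), or None."""
    m = LINE_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["scheme"] = urlsplit(rec["url"]).scheme or "-"
    return rec


def cache_stats(log_text):
    """Return {scheme: {"hit": n, "miss": n, "other": n}} over all parseable lines.

    Any TCP_*HIT* code (TCP_HIT, TCP_MEM_HIT, TCP_IMS_HIT, ...) counts as a hit,
    any *MISS* code as a miss, everything else (TCP_DENIED, ...) as other.
    """
    stats = defaultdict(lambda: {"hit": 0, "miss": 0, "other": 0})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        result = rec["result"]
        if "HIT" in result:
            key = "hit"
        elif "MISS" in result:
            key = "miss"
        else:
            key = "other"
        stats[rec["scheme"]][key] += 1
    return dict(stats)


def schemes_never_hit(stats):
    """Schemes that were requested but never served from cache: the symptom in the post."""
    return sorted(s for s, c in stats.items() if c["hit"] == 0 and c["miss"] > 0)


if __name__ == "__main__":
    s = cache_stats(SAMPLE_LOG)
    for scheme, counts in sorted(s.items()):
        print(f"{scheme:6} hit={counts['hit']} miss={counts['miss']} other={counts['other']}")
    print("never hit:", schemes_never_hit(s))
```

Run it against a real access.log by replacing SAMPLE_LOG with the file contents; if only "https" shows up in the never-hit list while "http" accumulates hits, the problem is specific to the bumped HTTPS path rather than to caching in general.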

