Hi guys, We are currently using our Squid (3.1.x) as transparent HTTP proxy (with dst nat). We also want to use our Squid as transparent HTTPs proxy, which works too, despite our Internet research in which we got many results for "transparent https proxying is not possible". I admit that there are some issues, but we only want to use it for our guest lan, not every site has to work. Unforuntately, there are many sites which start as HTTP-site and redirect to HTTPs before receiving login credentials (e.g. amazon) or just redirect (e.g. https://www.juniper.net/customers/csc/). In these situations, my firefox prints following error message: The page isn't redirecting properly. It seems Squid can't handle 302 (in transparent https mode?)
https://www.juniper.net/customers/csc/ GET /customers/csc/ HTTP/1.1 Host: www.juniper.net User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:10.0.2) Gecko/20100101 Firefox/10.0.2 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Cookie: WT_FPC=waytoolongstuff HTTP/1.0 302 Moved Temporarily Location: https://www.juniper.net/customers/csc/ Content-Length: 222 Content-Type: text/html; charset=iso-8859-1 Server: Concealed by Juniper Networks DX Vary: Accept-Encoding Date: Fri, 16 Mar 2012 13:23:35 GMT Set-Cookie: rl-sticky-key=82546ce42517c9836c5deb8079756e0e; path=/; expires=Fri, 16 Mar 2012 14:08:34 GMT X-Cache: MISS from xlsqit01_1 Via: 1.0 xlsqit01_1 (squid/3.1.16) Connection: keep-alive Can anybody offer a solution or how do you allow HTTPs in your guest (W)LANs? Direct connection or using proxy-scripts (WPAD,...)? thanks && best regards, Peter
