On 01.11.2012 04:33, Heinrich Hirtzel wrote:
Hello

For a school project I'm trying to intercept SSL connections by using
Squid (client -> squid (transparent) -> server).
I'm running Squid 3.1.20 on Ubuntu server 12.10 (64 bit) using the
following configuration:

*************************************
http_port 10.0.1.1.:3128 intercept
https_port 10.0.1.1.:443 ssl-bump cert=/user/local/squid3/ssl_cert/myCA.pm

acl our_networks src 10.0.1.0/24
http_access allow our_networks
forwarded_for off
ssl_bump allow all
sslproxy_cert_error allow all
sslproxy_flags DONT_VERIFY_PEER
*************************************

I've compiled squid with SSL support (--enable-ssl). When starting Squid I do not get any error message. Also, proxying http traffic works without any problems.

However, when I try to establish a HTTPS session through squid, the client retrieves the SSL certificate from squid, but after accepting it the browser displays an error message from squid that the URL is invalid:

"The following error was encountered while trying to retrieve the URL: /.

Invalid URL"

In the Squid access.log I see the following line:
"<timestamp> 0 10.0.1.5 NONE/440 3503 GET / - NONE/- text/html"

It appears that squid strips away the hostname / domain name of the URL the client tries to access, which causes the error message mentioned above.

I've already spent hours in finding a solution for this
problem and went through dozens of tutorials, unfortunately I wasn't
able to find a solution so far.

Any ideas what could be wrong?

You are missing the intercept flag on https_port. That is what tells Squid how to interpret the URL and TCP layer differences in the port 80 and 443 syntax traffic.

Amos
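
An added example, not part of the thread and not Squid project code: a small Python lint over the configuration quoted in the question. It flags an ssl-bump https_port that lacks an interception mode (the fix Amos describes) and the two directives in that configuration that switch off upstream certificate checking. The finding names, and the assumption that every ssl-bump https_port receives redirected traffic, are choices of this example.

```python
import re

# Constructed sample: the squid.conf lines quoted in the post above, verbatim.
SAMPLE_CONF = """\
http_port 10.0.1.1.:3128 intercept
https_port 10.0.1.1.:443 ssl-bump cert=/user/local/squid3/ssl_cert/myCA.pm
acl our_networks src 10.0.1.0/24
http_access allow our_networks
forwarded_for off
ssl_bump allow all
sslproxy_cert_error allow all
sslproxy_flags DONT_VERIFY_PEER
"""

# Port options that tell Squid the traffic was redirected to it.
# "transparent" is the older spelling of "intercept".
INTERCEPT_MODES = {"intercept", "tproxy", "transparent"}


def parse(conf):
    """Yield (lineno, directive, args) for every non-empty, non-comment line."""
    for lineno, raw in enumerate(conf.splitlines(), 1):
        tokens = raw.split("#", 1)[0].split()
        if tokens:
            yield lineno, tokens[0], tokens[1:]


def lint(conf):
    """Return a list of (lineno, finding) tuples for the checks described above."""
    findings = []
    for lineno, name, args in parse(conf):
        opts = set(args[1:])  # args[0] is the listening address/port
        if name == "https_port" and "ssl-bump" in opts and not opts & INTERCEPT_MODES:
            # Assumption: this port receives redirected (transparent) traffic.
            findings.append((lineno, "bump-port-not-intercept"))
        elif name == "sslproxy_flags":
            if "DONT_VERIFY_PEER" in re.split(r"[,:\s]+", " ".join(args)):
                findings.append((lineno, "upstream-cert-not-verified"))
        elif name == "sslproxy_cert_error" and args[:2] == ["allow", "all"]:
            findings.append((lineno, "upstream-cert-errors-ignored"))
    return findings


if __name__ == "__main__":
    for lineno, finding in lint(SAMPLE_CONF):
        print(f"line {lineno}: {finding}")
```

With the last two directives in place the proxy accepts any certificate from the origin server, so a client that trusts the proxy CA gets no warning about an invalid upstream certificate.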
