Dear

I would like to use Squid 3.3x in transparent SSL mode (in order to build a kind of HotSpot system).
My issue is:

"Squid forces bumping of all websites and changes the certificate, even when an ACL is created to deny bumping websites."

I would like to know if it is possible to do that?

I have set this in squid.conf:

# --------- SSL Listen Port
https_port 192.168.1.204:3130 intercept ssl-bump cert=/etc/squid3/ssl/cacert.pem key=/etc/squid3/ssl/privkey.pem
# --------- SSL Rules
ssl_bump deny all
always_direct allow all

-A PREROUTING -p tcp -m tcp --dport 3128 -j DROP
-A PREROUTING -p tcp -m tcp --dport 3130 -j DROP
-A PREROUTING -s 192.168.1.204/32 -p tcp -m tcp --dport 80 -j ACCEPT
-A PREROUTING -s 192.168.1.204/32 -p tcp -m tcp --dport 443 -j ACCEPT
-A PREROUTING -s 192.168.0.4/32 -p tcp -m tcp --dport 80 -j ACCEPT
-A PREROUTING -s 192.168.0.4/32 -p tcp -m tcp --dport 443 -j ACCEPT
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
-A PREROUTING -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 3130
-A POSTROUTING -j MASQUERADE
