On 8/06/2014 10:03 a.m., Jatin Bhasin wrote:
> Hello,
> 
> 1) I have to bump the SSL request because I want to pass the decrypted
> traffic to the eCap adapter so that I can look for viruses in the
> traffic and block them if found.
> 
> 2) I cannot introduce Proxy1 in the client browser. The only option I
> have is PROXY1 sitting in the middle of Client and PROXY2 and then
> PROXY1 should decrypt the traffic and send it to the ecap adapter for
> virus checking and block them.

Okay so far so good.

Use intercept rules in the PROXY1 machine's networking stack *without*
the intercept flag in squid.conf. PROXY1 does not have to do any network
level un-NAT hacks to process requests destined explicitly to itself or
any other HTTP proxy.

You may encounter problems getting the decoded traffic back to PROXY2
though. The released Squid versions do not yet generate CONNECT requests
for upstream unless one is intercepting port 443 traffic and *bypassing*
the ssl-bump. PROXY1 will try to use port 443 HTTPS itself.

Amos
