|
Squid transparent proxy woes with and without SSL
Hi
I am trying to setup a transparent proxy for my own use which I can use to access geo blocked services, I have tried with 3.1.10 and 3.3.0.1 and I am facing different problems in both cases. Let me first describe the network setup
my lan -- GW--- Internet Dedicated Server-- Destination sites
I do point to the sites I want to access using DNS, I.e. I setup site xyz.com to point to my DNS server on my local LAN. This did work fine on 3.1.10 but not with SSL, I was adviced to use latest SQUID however on latest SQUID I am facing different problems as neither 80 or 443 are working. I am using http_access allow all for testing purposes.
First Case
Squid on a dedicated server CentOS 6, Squid version 3.1.0
Squid is the default repo install in this case
For http traffic this works just fine however for https traffic, once I get the SSL security error page in the browser, the traffic leaves the squid server in http which causes the destination site to redirect to https however, the squid server does send the traffic again in http instead of https and this causes a loop and the browser does through the related error.
Second Case
Squid on a dedicated server CentOS 6, Squid version 3.3.0.1
Squid Cache: Version 3.3.0.1
configure options: '--enable-ssl' '--prefix=/usr/local/squid2' '--with-large-files' '--enable-linux-netfilter' --enable-ltdl-convenience
As said I am allowing all traffic, using the same config as above, both http and https traffic do give access denied errors in the browser, logs however do only show miss and not denied.
The relevant lines of the config are :
http_port 0.0.0.0:8128
http_port 0.0.0.0:880 transparent
https_port 0.0.0.0:8443 transparent ssl-bump cert=/etc/squid/proxy.example.com.cert key=/etc/squid/proxy.example.com.key
and iptables looks as follows :
REDIRECT tcp -- 0.0.0.0/0 xx.xx.xx.xx tcp dpt:443 redir ports 8443
REDIRECT tcp -- 0.0.0.0/0 xx.xx.xx.xx tcp dpt:80 redir ports 880
I am at the end of my wits here, please advice.
Regards
|
