Squid - Transparent - HTTPS Issue

[ahuxham]

Hi All,

Quick query, as I've used all resources trying to resolve this error. Can't seem to find the fix.

Vigor 3300 (192.168.0.59 Strict BIND on Squids MAC no other traffic allowed through) > Squid (Debian Etch - 192.168.0.54) > LAN.

So, I've set the box up, made some sneaky delay pools, create a 70GB caching location across a few drives blaah-de-blaah. However users cannot access HTTPS traffic. I also read you cant have the proxy transparent and have HTTPS traffic. Does this mean we can only use proxy settings within Internet Explorer, and turn transparency off?

Iptables rules using the Transparent settings.

Code:

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to 192.168.0.54:3128

Would doing the above, changing --dport 80 to --dport 443 work. I've not seen this documented anywhere, and to be honest its driving me nuts. 443 is on the ACL as SafeSSLPorts.

I read the following from a previous post:

Code:

iptables -t filter -A FORWARD -i eth0 -p tcp --dport 443 -j ACCEPT

but my Iptables knowledge is very limited.

Anyone have any ideas?

[Jackd]

Yeah you cant transparently proxy https, its a man-in-the-middle attack.

Do you have IP Forwarding turned on because thats what i needed to enable for mine to allow https to pass straight through