0

SQUID Transparent SSL proxy (no intercept)

view story
linux-howto

http://serverfault.com – I know how to have squid work as a transparent proxy. You put it into transparent mode then use your router or IPTABLES to forward port 80 to the squid port. I would like to do the same for SSL. Every guide I see mentions setting up keys on the squid server. I do not want squid to actually decrypt the SSL traffic then establish a connection with the server, rather I would like squid to simply forward the SSL traffic as is. The only thing I would like to do is be able to check the SSL request for any offending IPs and drop the packets if the destination is one of them. (HowTos)

xskl's picture
Submitted by xskl on 10/18/2012

Stories similar to SQUID Transparent SSL proxy (no intercept)

freebsd pf squid transparent 8 weeks 3 days ago

I have broken my brain dealing with this. Squid was built from ports /usr/ports/www/squid32 with PF_TP enabled.

I have internet but strangely it bypasses squid. Obviously, squid logs are empty.

I am not sure what is wrong.

Use squid to setup a transparent proxy and use iptables to direct all web traffic to the squid instance. In the squid config you can create an acl for the subnet you specified to go to a splash pa... [by larwood]

I have a Squid Proxy server (Debian) working perfectly with authentication:

auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/passwd

I'd like that also client that try to get web pages using the proxy as gateway (port 80) get redirected on port 3128.

I've tried iptables:

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128

without luck because in tha

Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. It reduces bandwidth and improves response times by caching and reusing frequently-requested web pages. Squid has extensive access controls and makes a great server accelerator. It runs on most available operating systems, including Windows and is licensed under the GNU GPL.

I am trying to reduce internet bandwidth consumption. I have installed squid as a transparent proxy server and it is currently getting all traffic from port 80. I am using the proxy_stats.gawk utility to generate reports. I am still only logging 1/4 of the traffic the ISP actually reports. Can i get all traffic on all other ports to go though the proxy as well. i.e. VOIP... How can i Achieve this?

Running into an issue with my iptable rule to redirect outbound traffic on port 80 to a squid proxy transparently.

Here is my interface information

eth0 = internet eth1 = physical interface eth1:0 = 192.168.0.1/24 eth1:1 = 172.16.0.0/24

My iptables rule:

iptables -t nat -A PREROUTING -s 192.168.0.0/24 !

Hi,

I'm mon webmaster/developer and I'm new in Linux. Our office suddenly needs to setup a proxy server. Ubuntu Squid proxy server immediately came as an option for us. The question is: does transparent squid proxy configuration using Ubuntu will have no problem with computers running on Windows OS?

Thanks in advance.. Sorry if this is a very noob question.

I recently purchased a VPS and am wanting to use it as a VPN server. However, it has bandwidth limitations. So, I figured since I already have a local Squid proxy caching things for me, I could have users connect to the proxy and the proxy connect to the VPN.

I've just set up a squid transparent proxy inside my network. The proxy works fine, however it seems some sort of caching policy is causing the proxy to instead go grab a copy of the website, it's simply pointing to 127.0.0.1's HTTP web server (which is NGINX with multiple virtual hosts).