SSL – Squid, WCCP and Transparent HTTPS

Tags: https, squid, ssl, transparent-proxy

Sorry if this has been answered, but I just can't get it to work for me.

We would like to log all HTTPS & HTTP requests but not to use Squid-in-the-middle. We would like the proxy to connect the HTTPS directly, as we don't care about the traffic, only the domain that it might be going to.

We are using WCCP to do the initial redirect of 443 and iptables PREROUTING to forward on to Squid.

I can't use a PAC or auto configuration file, and clients are blocked by our firewall from connecting to the Internet directly on 443. 🙁

Is this even possible without MITM?

Any help with this is much appreciated, thanks in advance.

Best Answer

Yes there is a way to do https WCCP redirection without MITM. You have to force Squid not to ssl-bump incoming SSL traffic.

ssl_bump none all

Hope that helps. I have a complete article here that goes into WCCP redirection using a Cisco ASA including both http and https. Web SSL Proxy redirection using WCCP Cisco ASA and Squid 3.4+
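A squid.conf sketch of the setup discussed above, added here as an example and not taken from the answer or its linked article. It shows where `ssl_bump none all` sits relative to the intercept ports and the WCCP service for port 443. The router address, port numbers, service ID, certificate path and interface name are assumptions to replace with your own values.

```conf
# squid.conf fragment (Squid 3.4 syntax). All values below are placeholders.

# --- WCCPv2 registration with the router/firewall ---
wccp2_router 192.0.2.1                  # assumed router address (documentation range)
wccp2_forwarding_method gre
wccp2_return_method gre
wccp2_service standard 0                # standard web-cache service: TCP/80
wccp2_service dynamic 70                # assumed dynamic service ID for HTTPS
wccp2_service_info 70 protocol=tcp flags=src_ip_hash priority=240 ports=443

# --- Listening ports ---
http_port 3128                          # ordinary forward-proxy port
http_port 3129 intercept                # receives redirected TCP/80

# An intercepting https_port must carry the ssl-bump flag and a certificate
# even when nothing is ever bumped; the certificate is not presented to
# clients while every connection is tunnelled.
https_port 3130 intercept ssl-bump cert=/etc/squid/ssl/placeholder.pem

# --- No interception of TLS ---
# Tunnel every TLS connection untouched: no decryption, no re-signing.
# In Squid 3.5 and later the same action is named "splice".
ssl_bump none all

# --- Logging ---
# Tunnelled connections are logged as CONNECT entries with the destination
# and port only; URLs and content stay encrypted end to end.
access_log /var/log/squid/access.log squid

# --- Host firewall (run in a shell, not part of squid.conf) ---
# Redirect the traffic arriving over the WCCP GRE tunnel to the intercept
# ports. "wccp0" is an assumed tunnel interface name.
#   iptables -t nat -A PREROUTING -i wccp0 -p tcp --dport 80  -j REDIRECT --to-port 3129
#   iptables -t nat -A PREROUTING -i wccp0 -p tcp --dport 443 -j REDIRECT --to-port 3130
```

Validate the file with `squid -k parse` before reloading, and confirm in access.log that HTTPS connections appear as tunnelled CONNECT entries rather than decrypted requests.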