> Hi! I am trying to set up an HTTPS intercept proxy but I cannot get it to
> work. Can someone point me in the right direction?
> I tried following the
> tutorial @ https://www.youtube.com/watch?v=Bogdplu_lsE (Transparent
> HTTP+HTTPS Proxy with Squid and iptables) for squid file.
> and https://github.com/diladele/squid-ubuntu for building squid 3.5 on
> *squid.conf file*
> acl clients src 172.16.10.0/24
> acl clients src 172.18.10.0/24
> http_access allow localhost
> http_access allow clients
> http_access deny all
> http_port 8080
> http_port 3128 intercept
> https_port 3129 intercept ssl-bump cert=/etc/squid/ssl_certs/myCA.pem generate-host-certificates=on dynamic_cert_mem_cache_size=4MB
> sslcrtd_program /usr/lib/squid/ssl_crtd -s /var/lib/ssl_db -M 4MB
> acl step1 at_step SslBump1
> ssl_bump peek step1
> ssl_bump bump all
> # only wait 5 seconds to terminate active connections
> shutdown_lifetime 5
> I am forced to use the old 3.5 version of Squid as I am running a very old
> version of vSphere supporting Ubuntu 14.04 and below.

Such things do not apply when building from source. You can build any
version which your build tools can handle. That should be any Squid-3.5
release, including the daily auto-generated code.

It looks to me like you are making the classic mistake of sending
traffic directly to the Squid intercept port.

To test an interceptor proxy you MUST have a client making normal
requests like you would see them do in a production environment ...
directly to the HTTP(S) origin servers.

Let the intercept/NAT systems catch the traffic and deliver it to the
proxy - only then will that proxy have a chance at working as intended.
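
The NAT delivery described in the reply, as an added example that is not part of the original thread: a script that prints iptables rules redirecting the posted client subnets to the posted intercept ports and dropping connections made straight to those ports. It assumes Squid runs on the gateway that routes those subnets; the interface name `LAN_IF` and its default are hypothetical.

```shell
#!/bin/sh
# Added example: NAT rules that deliver client traffic to the intercept ports.
# Assumption: Squid runs on the gateway routing the client subnets, and
# LAN_IF (hypothetical name and default) is the interface facing those clients.
LAN_IF="${LAN_IF:-eth1}"
CLIENT_NETS="172.16.10.0/24 172.18.10.0/24"   # from the posted "acl clients" lines
HTTP_INTERCEPT=3128                            # http_port 3128 intercept
HTTPS_INTERCEPT=3129                           # https_port 3129 intercept ssl-bump

# Print the iptables commands. Nothing is applied unless the output is
# reviewed and then piped to a root shell.
intercept_rules() {
    for net in $CLIENT_NETS; do
        # Clients connect to origin servers on 80/443; the kernel rewrites
        # the destination to the local Squid intercept ports.
        echo "iptables -t nat -A PREROUTING -i $LAN_IF -s $net -p tcp --dport 80 -j REDIRECT --to-ports $HTTP_INTERCEPT"
        echo "iptables -t nat -A PREROUTING -i $LAN_IF -s $net -p tcp --dport 443 -j REDIRECT --to-ports $HTTPS_INTERCEPT"
    done
    # A connection addressed directly to an intercept port has no NAT record,
    # so Squid cannot recover an original destination for it. The mangle table
    # is traversed before nat in PREROUTING, so these drops only hit packets
    # that arrived already addressed to 3128/3129, not redirected ones.
    for port in $HTTP_INTERCEPT $HTTPS_INTERCEPT; do
        echo "iptables -t mangle -A PREROUTING -p tcp --dport $port -j DROP"
    done
}

intercept_rules
```

With rules like these in place, a valid test is a client in one of the subnets, with no proxy configured, requesting an ordinary http:// or https:// URL; port 8080 in the posted config stays available for explicitly configured clients.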