On Fri, Mar 01, 2002 at 01:42:15PM +0600, MD. Tauhidul Islam wrote: > I have my proxy server proxy.musafir.com (192.168.1.1) running on port 3128 and I have used PAM > authentication module for proxy authentication. Its woks fine when I set proxy in browser. > Now I want to make it transperent proxy and redirect http requests ( port 80 ) to 3128 > so that my clients can be forced through proxy authentication. Afaik is it not possible to use squid with proxy authentication when it's running as a transparent proxy. > Does SSL work over Transproxy? http://www.squid-cache.org/Doc/FAQ/FAQ-1.html#ss1.12 ------------------------------------------------------------------------------ 1.12 Does Squid support SSL/HTTPS/TLS? Squid supports these encrypted protocols by ``tunelling'' traffic between clients and servers. Squid can relay the encrypted bits between a client and a server. Normally, when your browser comes across an https URL, it does one of two things: The browser opens an SSL connection directly to the origin server. The browser tunnels the request through Squid with the CONNECT request method. The CONNECT method is a way to tunnel any kind of connection through an HTTP proxy. The proxy doesn't understand or interpret the contents. It just passes bytes back and forth between the client and server. For the gory details on tunnelling and the CONNECT method, please see RFC 2817 and Tunneling TCP based protocols through Web proxy servers (expired). Squid can not (yet) encrypt or decrypt such connections, however. Some folks are working on a patch, using OpenSSL, that allows Squid to do this. ------------------------------------------------------------------------------ With best regards Hans -- Work: Consultant with Linux Consulting Europe <h.picht@lnxce.net> http://www.lnxce.net Vogelhecke 2 D - 35447 Reiskirchen Tel: +491751629201 Fax: +49640862649 Germany Private: hans@picht.org ------------------------------------------------------------------------ To unsubscribe email security-discuss-request@linuxsecurity.com with "unsubscribe" in the subject of the message.
