On 12 Apr 2006, at 06:49 , Dwayne Hottinger wrote:
Sirs,

I would like to have all internet requests go through my proxy server. My firewall now redirects all port 80 requests to my proxy server, I would like to have port 443 requests go there also, because my filtering software resides on the proxy server, and to get around the filter, all one has to do is use https: and they are no longer subject to the rules. I read through the faq on https: and it doesn't look like this is what I want. I added a rule to my firewall to redirect port 443 traffic to my proxy server and it doesn't seem to work (timeouts), plus I have nothing in either cache.log or access.log to indicate that https: traffic is connecting. Do I have to do another build of squid and --enable-https: or is this only for reverse proxy for my internal servers? Or can I add an acl to address https traffic and if so, what? I am running Squid Cache: Version 2.5.STABLE6 configure options: --enable-storeio=diskd,ufs --enable-smartfilter. Redhat linux 8 kernel 2.4.19.

Dwayne:

This is not going to work. The only time that anything will be visible is during the initial establishment of the SSL connection between the client (browser) and the server. After the SSL connection is established, the HTTP request from the client and the HTTP response from the server are encrypted. You won't be able to apply your filtering rules.

I am not part of the Squid development team and haven't used the HTTPS features. This feature only makes sense when Squid is being used as a front-end to a server where the SSL connection is being established between the client and the Squid proxy server with communications between the Squid proxy server and the HTTP server being performed without encryption.

I'm sure that the Squid development team will correct me if I am wrong.

Merton Campbell Crockett
m.c.crockett@xxxxxxxxxxxx
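
The following Python example is added here and is not part of either message or of Squid. It shows what an HTTP-level filter can read from the first bytes of a client connection in three cases: redirected plain HTTP, a CONNECT request from a browser explicitly configured to use the proxy (not discussed in the thread, included for contrast), and redirected port 443 traffic. The function name `visible_to_filter` and all sample bytes are constructed for illustration.

```python
# Added example; every sample input below is constructed for illustration.
PLAIN = b"GET /blocked/page.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"
CONNECT = b"CONNECT www.example.com:443 HTTP/1.1\r\n\r\n"
# Start of a TLS record: type 0x16 (handshake), version 3.1, length, then
# the first handshake bytes (truncated).
TLS = bytes([0x16, 0x03, 0x01, 0x00, 0x2F, 0x01, 0x00, 0x00, 0x2B, 0x03, 0x01])


def visible_to_filter(first_bytes):
    """Return what an HTTP-level filter can read from a connection's first bytes."""
    seen = {"kind": "unknown", "host": None, "port": None, "path": None}
    # Redirected port 443 traffic starts with a binary TLS record, not a request line.
    if len(first_bytes) >= 3 and first_bytes[0] == 0x16 and first_bytes[1] == 0x03:
        seen["kind"] = "tls-handshake"
        return seen
    head, _, rest = first_bytes.partition(b"\r\n")
    parts = head.split(b" ")
    if len(parts) != 3 or not parts[2].startswith(b"HTTP/"):
        return seen
    method, target = parts[0], parts[1]
    if method == b"CONNECT":
        # Browser configured to use the proxy: only host and port are named;
        # everything sent after the tunnel opens is encrypted.
        host, _, port = target.rpartition(b":")
        if host and port.isdigit():
            seen.update(kind="connect-tunnel", host=host.decode("ascii", "replace"), port=int(port))
        return seen
    # Plain HTTP: the full request line and headers are readable.
    seen.update(kind="plain-http", path=target.decode("ascii", "replace"))
    for line in rest.split(b"\r\n"):
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"host":
            seen["host"] = value.strip().decode("ascii", "replace")
            break
    return seen


if __name__ == "__main__":
    for label, data in (("plain", PLAIN), ("connect", CONNECT), ("tls", TLS)):
        print(label, visible_to_filter(data))
```

Only the plain HTTP case yields a path that URL-based filter rules can match; the CONNECT case yields a host and port, and the redirected TLS case yields no HTTP fields at all.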