On Wed, Jun 28, 2006 at 11:07:01AM -0700, Aaron Gray wrote: > I have squid working perfectly as a caching proxy server. > If I access my squid proxy server from a network that has some kind of > "sniffing" software, they can see the headers are HTTP headers (even though > it is on a weird port) and still identify where your going and read all the > plain text HTML. > > Is there any way to make it so that when I connect to the squid proxy and > authenticate (which I require based on my ACL) that it creates a SSL > connection (or something similar) to where all traffic is encrypted even if > the destination page is not a https website? I want to hide the plain text. as others have suggested, you can use an SSL tunnel for this application. You could also use SSH's port forwarding facilities. However, note that this will not prevent an attacker with access to the network from discovering that you are using HTTP -- the pattern and timing of requests sent and replies received is likely to be quite characteristic of the protocol. This sort of traffic analysis will not reveal which web pages you are viewing (unless your client leaks that information in other ways, for instance by doing DNS queries for them) but it will reveal that you're using HTTP, or another similar protocol. -- ``My teacher's face when he worked out what I was doing was a picture. A picture of howling existential despair. So no change there, then.'' (Dominic Fox, on abbreviations)
