I have used SSH port forwarding in the past and it was pretty slick. I remember when it was only supported by the retail SSH not OpenSSH. It may be supported now. How can that be used though to connect my outside network to my proxy and keep it encrypted? The OS being used by the client is WinXP with either IE or FireFox connecting to Linux w/ squid 2.2 stable. -----Original Message----- From: Chris Lightfoot [mailto:chris@xxxxxxxxxxxxxxxxxxxxxxxx] On Behalf Of Chris Lightfoot Sent: Wednesday, June 28, 2006 4:01 PM To: Aaron Gray Cc: squid-users@xxxxxxxxxxxxxxx Subject: Re: Squid use SSL ALWAYS? On Wed, Jun 28, 2006 at 11:07:01AM -0700, Aaron Gray wrote: > I have squid working perfectly as a caching proxy server. > If I access my squid proxy server from a network that has some kind of > "sniffing" software, they can see the headers are HTTP headers (even though > it is on a weird port) and still identify where your going and read all the > plain text HTML. > > Is there any way to make it so that when I connect to the squid proxy and > authenticate (which I require based on my ACL) that it creates a SSL > connection (or something similar) to where all traffic is encrypted even if > the destination page is not a https website? I want to hide the plain text. as others have suggested, you can use an SSL tunnel for this application. You could also use SSH's port forwarding facilities. However, note that this will not prevent an attacker with access to the network from discovering that you are using HTTP -- the pattern and timing of requests sent and replies received is likely to be quite characteristic of the protocol. This sort of traffic analysis will not reveal which web pages you are viewing (unless your client leaks that information in other ways, for instance by doing DNS queries for them) but it will reveal that you're using HTTP, or another similar protocol. -- ``My teacher's face when he worked out what I was doing was a picture. A picture of howling existential despair. So no change there, then.'' (Dominic Fox, on abbreviations)
