I'm investigating using squid with ICAP to authenticate inbound HTTPS connections. Basically, we'd want to run squid as part of a man-in-the-middle attack against our own web servers.

To do this we need to run as a transparent proxy and be able to present a wildcard SSL certificate for our domain, negotiate SSL, then send the HTTP request header off to an ICAP server that checks for our magic cookie; if not present the client will be redirected to an authentication page, if present, traffic would be passed. We would also need to establish an SSL connection to the real server, posing as the client.

Can squid do this? If not, would it be difficult to hook custom code into squid's input and output mechanisms to do the kooky SSL tricks detailed above? I'd like to avoid doing Linux iptables tricks, if possible.

Thanks in advance for any guidance,

Neale Pickett
CTN-5 Network Engineering
Los Alamos National Laboratory
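
The cookie check described in the message, sketched as the decision an ICAP REQMOD service would make on the request header it receives from the proxy. This is an added example, not part of the original message and not Squid's or any ICAP server's own code; the cookie name, login URL, ISTag value and the sample message are assumed placeholders, and only body-less requests are handled.

```python
# Added sketch: cookie name, login URL and ISTag are assumed placeholders.
AUTH_COOKIE = "magic"                        # hypothetical cookie name
AUTH_URL = "https://auth.example.org/login"  # hypothetical authentication page
ISTAG = '"cookie-gate-1"'                    # hypothetical ICAP service tag

def parse_reqmod(raw: bytes):
    """Return (ICAP headers, encapsulated HTTP request header) from a REQMOD message."""
    icap_head, _, rest = raw.partition(b"\r\n\r\n")
    lines = icap_head.decode("latin-1").split("\r\n")
    if not lines[0].startswith("REQMOD "):
        raise ValueError("not a REQMOD request")
    icap = {k.strip().lower(): v.strip()
            for k, v in (line.split(":", 1) for line in lines[1:])}
    # "Encapsulated: req-hdr=0, null-body=N" holds byte offsets into `rest`.
    offsets = dict(p.strip().split("=") for p in icap["encapsulated"].split(","))
    end = min(int(v) for k, v in offsets.items() if k != "req-hdr")
    return icap, rest[int(offsets["req-hdr"]):end].decode("latin-1")

def has_cookie(http_head: str, name: str) -> bool:
    """Presence check only, as in the post; validating the value is out of scope here."""
    for line in http_head.split("\r\n")[1:]:
        key, _, value = line.partition(":")
        if key.strip().lower() == "cookie":
            for pair in value.split(";"):
                k, _, v = pair.strip().partition("=")
                if k == name and v:
                    return True
    return False

def decide(raw: bytes) -> bytes:
    """Build the ICAP response: pass the request through, or answer it with a redirect."""
    icap, http_head = parse_reqmod(raw)
    head = f"ICAP/1.0 200 OK\r\nISTag: {ISTAG}\r\n"
    if not has_cookie(http_head, AUTH_COOKIE):
        http = f"HTTP/1.1 302 Found\r\nLocation: {AUTH_URL}\r\nContent-Length: 0\r\n\r\n"
        return f"{head}Encapsulated: res-hdr=0, null-body={len(http)}\r\n\r\n{http}".encode()
    if "204" in icap.get("allow", ""):
        return f"ICAP/1.0 204 No Content\r\nISTag: {ISTAG}\r\nEncapsulated: null-body=0\r\n\r\n".encode()
    # Client did not offer "Allow: 204": echo the unmodified request header back.
    return f"{head}Encapsulated: req-hdr=0, null-body={len(http_head)}\r\n\r\n{http_head}".encode()

def sample(cookie: str = "", allow_204: bool = True) -> bytes:
    """Constructed REQMOD message for a body-less GET (not captured traffic)."""
    http = ("GET /app HTTP/1.1\r\nHost: www.example.org\r\n"
            + (f"Cookie: {cookie}\r\n" if cookie else "") + "\r\n")
    allow = "Allow: 204\r\n" if allow_204 else ""
    return (f"REQMOD icap://127.0.0.1/gate ICAP/1.0\r\nHost: 127.0.0.1\r\n{allow}"
            f"Encapsulated: req-hdr=0, null-body={len(http)}\r\n\r\n{http}").encode()
```

The ICAP service only ever sees the decrypted request header, so it works the same whether the proxy terminated SSL or not; the SSL handling stays entirely on the proxy side.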