Thanks Adrian, I understand. Could you expand on "hacking up squid"? I have an immediate need for access control of all web requests, including SSL. I know that if I set it in the browser, squid handles all connections, including web, ssl, and ftp without a problem. So my real question is, if squid can (obviously) handle this traffic, can it be done in a transparent way instead of having to modify the browser?

I think I need more education on how the packets are presented to squid in transparent vs. browser-based mode - browser-based sends everything via 3128, so squid gets it on port 3128 - couldn't I just do another NAT using iptables for this, and point 443 and 21 to 3128 as well as the current 80?

Thanks again,
Shaun

-----Original Message-----
From: Adrian Chadd [mailto:adrian@xxxxxxxxxxxxxxx]
Sent: Monday, December 11, 2006 8:17 AM
To: Shaun Skillin (home)
Cc: Squid Users
Subject: Re: can any transparent mode handle SSL and FTP for access control

On Mon, Dec 11, 2006, Shaun Skillin (home) wrote:
> I have squid working fine for HTTP traffic using WCCPv2, and have used
> it with policy routing without issue. I know that squid can't cache SSL
> connections, but is there a way (in a transparent mode, not configuring
> each browser) to use squid for access control of SSL and FTP
> connections?

I've got some ideas for doing SSL access control (based on just source/destination IPs for the time being) for WCCPv2-intercepted SSL in client-ip-spoofing modes (eg with TPROXY.) But it first requires a better WCCPv2 implementation, so I'm working on that in my spare time.

So, the answer atm is "not without hacking up Squid"..

Adrian

--
- Xenion - http://www.xenion.com.au/ - VPS Hosting - Commercial Squid Support -