Re: CONNECT method support(for https) using squid3.1.0.6 + tproxy4


Mikio Kishi wrote:
Hi, Amos

HTTPS encrypted traffic cannot be intercepted.

Yes, I know that. But, in this case, not "transparent".

           (1)                     (2)

            |                       |
 +------+   |     +------------+    |    +---------+
 |WWW   +---+     |            |    +----+ WWW     |
 |Client|.2 |   .1| squid      |.1  |  .2|  Server |
 +------+   +-----+   + tproxy +----+    |(tcp/443)|
            |     | (tcp/8080) |    |    |(tcp/80) |
            |     +------------+    |    +---------+
      192.168.0.0/24          10.0.0.0/24

 (1) 192.168.0.2 ------>  192.168.0.1:8080
                                     ^^^^^
 (2) 192.168.0.2 ------>  10.0.0.2:443
                                   ^^^

The only thing I'd like to do is "source address spoofing"
using tproxy.

Does that make sense?

No. Squid is perfectly capable of making HTTPS links outbound without tproxy. The far end only knows that some client connected.

HTTPS cannot be spoofed; it's part of the security involved with the SSL layer.

What exactly are you trying to achieve with this?

Amos
--
Please be using
  Current Stable Squid 2.7.STABLE6 or 3.0.STABLE13
  Current Beta Squid 3.1.0.6
