Ok! Then what would I need to do in my ipfw to make things work accordingly? I already have natd in place!!!

Thanks,

--- On Tue, 4/28/09, Pandu E Poluan <pandu_poluan@xxxxxxxxxxxxxxxxxxxx> wrote:

> From: Pandu E Poluan <pandu_poluan@xxxxxxxxxxxxxxxxxxxx>
> Subject: Re: GURU opinion required.
> To: squid-users@xxxxxxxxxxxxxxx
> Date: Tuesday, April 28, 2009, 3:01 PM
>
> IMO, you got that wrong.
>
> Squid re-sends the https datagram in a wholly new packet, with the
> Source IP Address being the squid's IP Address.
>
> I should know, for my firewall at my office totally blocks non-proxy
> addresses. Yet employees still can access Gmail and/or Yahoo!Mail
> (both of which use https for authentication purposes).
>
> As usual, CMIIW.
>
> Rgds,
>
> [p]
>
> goody goody wrote:
> > After going through different articles and analyzing the behavior
> > of squid 2.5 stable10 transparent proxy over a FreeBSD machine, it
> > is not possible that https requests are entertained; in other words,
> > it simply means proxying will not be done for https traffic.
> >
> > Now let's delve into details.
> >
> > In the case of a transparent squid proxy, whenever https traffic is
> > passed through the proxy, the proxy does not add its IP address;
> > rather it forwards the packets with the original client IP address
> > located on the internal network. The packets then finally are natted
> > at the firewall with the public IP address, and the operation
> > successfully completes.
> >
> > But in my case my network colleagues who are managing the firewall
> > device have blocked any traffic originating from the internal network
> > and have only allowed the proxy address, hence any https traffic is
> > blocked because it has the source address as an internal address, not
> > that of the proxy.
> >
> > As it should be, any traffic that leaves the proxy with the modified
> > source address as the proxy address successfully completes the
> > request.
> >
> > Hence http traffic and https traffic with manual/forced proxy work,
> > but transparent proxy with https traffic doesn't work.
> >
> > If I am wrong or there is any workaround, it would be highly
> > appreciated.
> >
> > Thanks in advance.
>
> --
> *Pandu E Poluan*
> *Panin Sekuritas*
> IT Manager / Infrastructure & Audit
> Phone : +62-21-515-3055 ext 135
> Fax : +62-21-515-3061
> Mobile : +62-856-8400-426
> e-mail : pandu_poluan@xxxxxxxxxxxxxxxxxxxx
> Y!M : hands0me_irc
> MSN : si-ganteng@xxxxxxxx
> GTalk : pandu.cakep@xxxxxxxxx