Search squid archive

Re: Transparent proxy with HTTPS on freebsd

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Dear Amos,

i say http works but https doesn't behind transparent proxy (no proxy details specified in browser) and this is simply I just want to achieve as some sites such as yahoo, gmail use https to connect to.

so if you guide my how can i configure squid to allow https sites to connect behind transparent proxy.

Further info regarding squid and bsd os is as follows.

squid version info

Squid Cache: Version 2.5.STABLE10
configure options:  --enable-storeio=diskd,ufs --enable-snmp --with-openssl=/opt/ssl '--enable-auth=basic ntlm' --enable-wccp '--enable-removal-policies=heap lru'

BSD OS Info

FreeBSD XXX 5.4-RELEASE FreeBSD 5.4-RELEASE #0: Fri Mar 30 18:16:33 PKT 2007     root@xxxxxxxxxxxx:/usr/src/sys/i386/compile/BSD-ROUTER  i386

an early response would be very much appreciated.

Regards,


--- On Wed, 4/29/09, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote:

> From: Amos Jeffries <squid3@xxxxxxxxxxxxx>
> Subject: Re:  Transparent proxy with HTTPS on freebsd
> To: "abdul sami" <sami.memon@xxxxxxxxx>
> Cc: squid-users@xxxxxxxxxxxxxxx
> Date: Wednesday, April 29, 2009, 1:49 PM
> abdul sami wrote:
> > Dear all,
> > 
> > subject settings doesn't work when i set the
> transparent proxy though
> > http traffic works. on analysis of traffic i have come
> to know that
> > proxy doesn't add it's source address to https traffic
> rather simply
> > forwards it with local net address to gateway/firewall
> device which
> > ultimately drops the packets.
> > 
> > any suggestion in shape of steps/article would be
> highly appreciated.
> > 
> > Regards,
> 
> Pardon?
>  HTTPS being transparently intercepted (miracle #1) and the
> users not phoning you about being attacked? (miracle #2).
> 
> HTTPS == HTTP via _secure_ SSL.
> transparent proxy == man-in-middle network attack on
> traffic.
> 
> HTTPS was created to prevent transparent interception
> amongst other things. So yes I'm not surprised it won't
> work.
> 
> What are you trying to achieve with this?
> 
> Amos
> -- Please be using
>   Current Stable Squid 2.7.STABLE6 or 3.0.STABLE14
>   Current Beta Squid 3.1.0.7
>
[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux