Goody, if you simply want to have http and https go through the same unix box, you can use squid for http and a port forwarding (for example using iptables) for https. Regards, Stefan nyoman karna wrote: > nope, > you can NOT use transparent proxy for HTTPS. > > since using transparent proxy for HTTPS > will be considered as man-in-the-middle attack. > > you probably may use PAC (as Amos suggested) > but IMO it ruin the basic idea of using transparent proxy > (which is user does not need to put any setting in their browser) > > ------------------------ > Nyoman Bogi Aditya Karna > IM Telkom > http://www.imtelkom.ac.id > ------------------------ > > > > --- On Wed, 4/29/09, goody goody <thinkodd@xxxxxxxxx> wrote: > >> From: goody goody <thinkodd@xxxxxxxxx> >> Subject: Re: Transparent proxy with HTTPS on freebsd >> To: squid-users@xxxxxxxxxxxxxxx >> Cc: "Amos Jeffries" <squid3@xxxxxxxxxxxxx> >> Date: Wednesday, April 29, 2009, 7:30 AM >> >> Dear Amos, >> >> i say http works but https doesn't behind transparent proxy >> (no proxy details specified in browser) and this is simply I >> just want to achieve as some sites such as yahoo, gmail use >> https to connect to. >> >> so if you guide my how can i configure squid to allow https >> sites to connect behind transparent proxy. >> >> Further info regarding squid and bsd os is as follows. >> >> squid version info >> >> Squid Cache: Version 2.5.STABLE10 >> configure options: --enable-storeio=diskd,ufs >> --enable-snmp --with-openssl=/opt/ssl '--enable-auth=basic >> ntlm' --enable-wccp '--enable-removal-policies=heap lru' >> >> BSD OS Info >> >> FreeBSD XXX 5.4-RELEASE FreeBSD 5.4-RELEASE #0: Fri Mar 30 >> 18:16:33 PKT 2007 root@xxxxxxxxxxxx:/usr/src/sys/i386/compile/BSD-ROUTER >> i386 >> >> an early response would be very much appreciated. >> >> Regards, >> >> >> --- On Wed, 4/29/09, Amos Jeffries <squid3@xxxxxxxxxxxxx> >> wrote: >> >>> From: Amos Jeffries <squid3@xxxxxxxxxxxxx> >>> Subject: Re: Transparent proxy with >> HTTPS on freebsd >>> To: "abdul sami" <sami.memon@xxxxxxxxx> >>> Cc: squid-users@xxxxxxxxxxxxxxx >>> Date: Wednesday, April 29, 2009, 1:49 PM >>> abdul sami wrote: >>>> Dear all, >>>> >>>> subject settings doesn't work when i set the >>> transparent proxy though >>>> http traffic works. on analysis of traffic i have >> come >>> to know that >>>> proxy doesn't add it's source address to https >> traffic >>> rather simply >>>> forwards it with local net address to >> gateway/firewall >>> device which >>>> ultimately drops the packets. >>>> >>>> any suggestion in shape of steps/article would >> be >>> highly appreciated. >>>> Regards, >>> Pardon? >>> HTTPS being transparently intercepted (miracle >> #1) and the >>> users not phoning you about being attacked? (miracle >> #2). >>> HTTPS == HTTP via _secure_ SSL. >>> transparent proxy == man-in-middle network attack on >>> traffic. >>> >>> HTTPS was created to prevent transparent interception >>> amongst other things. So yes I'm not surprised it >> won't >>> work. >>> >>> What are you trying to achieve with this? >>> >>> Amos >>> -- Please be using >>> Current Stable Squid 2.7.STABLE6 or 3.0.STABLE14 >>> Current Beta Squid 3.1.0.7 >>> >> >> >> > > > > > -- 09-f9-11-02-9d-74-e3-5b-d8-41-56-c5-63-56-88-c0 --- OnlineDienst Nordbayern | http://www.odn.de/ | Internet-Systemhaus GmbH & Co.KG | E-Mail: hartm@xxxxxx | Hosting, Housing Steinstr. 19 | Tel: 0911 / 933877-0 | Consulting, VoIP 90419 Nuernberg - Germany | Fax: 0911 / 933877-55 | Programmierung GF Christiane Teichgräber | AG Nürnberg HRA 13304 |
Attachment:
signature.asc
Description: OpenPGP digital signature
