First of all, let me thank you all very much for the replies.

I am searching/reading for PAC / port forwarding for squid on FreeBSD, but I would be grateful if you could provide me an example/source.

Again I repeat, I only want to allow https sites like (gmail, yahoo) behind my transparent proxy to work.

With Regards,
.Goody.

On Wed, Apr 29, 2009 at 7:03 PM, Stefan Hartmann <hartm@xxxxxx> wrote:
> Goody,
>
> if you simply want to have http and https go through the same unix box,
> you can use squid for http and a port forwarding (for example using
> iptables) for https.
>
> Regards,
> Stefan
>
>
> nyoman karna wrote:
>> nope,
>> you can NOT use transparent proxy for HTTPS.
>>
>> since using transparent proxy for HTTPS
>> will be considered as man-in-the-middle attack.
>>
>> you probably may use PAC (as Amos suggested)
>> but IMO it ruins the basic idea of using transparent proxy
>> (which is user does not need to put any setting in their browser)
>>
>> ------------------------
>> Nyoman Bogi Aditya Karna
>> IM Telkom
>> http://www.imtelkom.ac.id
>> ------------------------
>>
>> --- On Wed, 4/29/09, goody goody <thinkodd@xxxxxxxxx> wrote:
>>
>>> From: goody goody <thinkodd@xxxxxxxxx>
>>> Subject: Re: Transparent proxy with HTTPS on freebsd
>>> To: squid-users@xxxxxxxxxxxxxxx
>>> Cc: "Amos Jeffries" <squid3@xxxxxxxxxxxxx>
>>> Date: Wednesday, April 29, 2009, 7:30 AM
>>>
>>> Dear Amos,
>>>
>>> I say http works but https doesn't behind transparent proxy
>>> (no proxy details specified in browser) and this is simply what I
>>> just want to achieve, as some sites such as yahoo, gmail use
>>> https to connect to.
>>>
>>> so if you guide me how I can configure squid to allow https
>>> sites to connect behind transparent proxy.
>>>
>>> Further info regarding squid and bsd os is as follows.
>>>
>>> squid version info
>>>
>>> Squid Cache: Version 2.5.STABLE10
>>> configure options: --enable-storeio=diskd,ufs
>>> --enable-snmp --with-openssl=/opt/ssl '--enable-auth=basic
>>> ntlm' --enable-wccp '--enable-removal-policies=heap lru'
>>>
>>> BSD OS Info
>>>
>>> FreeBSD XXX 5.4-RELEASE FreeBSD 5.4-RELEASE #0: Fri Mar 30
>>> 18:16:33 PKT 2007 root@xxxxxxxxxxxx:/usr/src/sys/i386/compile/BSD-ROUTER
>>> i386
>>>
>>> an early response would be very much appreciated.
>>>
>>> Regards,
>>>
>>>
>>> --- On Wed, 4/29/09, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote:
>>>
>>>> From: Amos Jeffries <squid3@xxxxxxxxxxxxx>
>>>> Subject: Re: Transparent proxy with HTTPS on freebsd
>>>> To: "abdul sami" <sami.memon@xxxxxxxxx>
>>>> Cc: squid-users@xxxxxxxxxxxxxxx
>>>> Date: Wednesday, April 29, 2009, 1:49 PM
>>>>
>>>> abdul sami wrote:
>>>>> Dear all,
>>>>>
>>>>> subject settings don't work when I set the transparent proxy though
>>>>> http traffic works. on analysis of traffic I have come to know that
>>>>> proxy doesn't add its source address to https traffic rather simply
>>>>> forwards it with local net address to gateway/firewall device which
>>>>> ultimately drops the packets.
>>>>>
>>>>> any suggestion in shape of steps/article would be highly appreciated.
>>>>>
>>>>> Regards,
>>>>
>>>> Pardon?
>>>> HTTPS being transparently intercepted (miracle #1) and the
>>>> users not phoning you about being attacked? (miracle #2).
>>>>
>>>> HTTPS == HTTP via _secure_ SSL.
>>>> transparent proxy == man-in-middle network attack on traffic.
>>>>
>>>> HTTPS was created to prevent transparent interception
>>>> amongst other things. So yes I'm not surprised it won't work.
>>>>
>>>> What are you trying to achieve with this?
>>>>
>>>> Amos
>>>> --
>>>> Please be using
>>>>   Current Stable Squid 2.7.STABLE6 or 3.0.STABLE14
>>>>   Current Beta Squid 3.1.0.7
>
> --
> 09-f9-11-02-9d-74-e3-5b-d8-41-56-c5-63-56-88-c0
> ---
> OnlineDienst Nordbayern   | http://www.odn.de/      | Internet-Systemhaus
> GmbH & Co.KG              | E-Mail: hartm@xxxxxx    | Hosting, Housing
> Steinstr. 19              | Tel: 0911 / 933877-0    | Consulting, VoIP
> 90419 Nuernberg - Germany | Fax: 0911 / 933877-55   | Programmierung
> GF Christiane Teichgräber | AG Nürnberg HRA 13304   |
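
Added example, not part of the thread and not any poster's code: a PAC file of the kind the PAC suggestion above refers to, which sends both http and https to Squid explicitly so that https travels as a CONNECT tunnel instead of being intercepted. The proxy address `192.168.1.1:3128` and the LAN `192.168.1.0/24` are assumed values, and `parseIPv4` and `isLocalTarget` are helper names made up for this example.

```javascript
// Added example, not from the thread. PROXY and LAN_NET are assumed values:
// use the Squid box's LAN address, its http_port, and your own LAN /24.
var PROXY = "PROXY 192.168.1.1:3128";
var LAN_NET = [192, 168, 1];

// Parse a dotted-quad literal into four octets, or return null for names.
function parseIPv4(host) {
  var m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(host);
  if (!m) return null;
  var octets = [];
  for (var i = 1; i <= 4; i++) {
    var n = parseInt(m[i], 10);
    if (n > 255) return null;
    octets.push(n);
  }
  return octets;
}

// True for targets that live on the LAN side and never need the proxy.
function isLocalTarget(host) {
  if (host.indexOf(".") === -1 && host.indexOf(":") === -1) return true; // "intranet"
  var ip = parseIPv4(host);
  if (!ip) return false; // a name such as 192.168.1.example.org is not local
  if (ip[0] === 127) return true;
  return ip[0] === LAN_NET[0] && ip[1] === LAN_NET[1] && ip[2] === LAN_NET[2];
}

// Entry point the browser calls for every request.
function FindProxyForURL(url, host) {
  var scheme = url.substring(0, url.indexOf(":")).toLowerCase();
  if (isLocalTarget(host.toLowerCase())) return "DIRECT";
  // http:// goes to Squid as an ordinary proxied request. https:// makes the
  // browser send "CONNECT host:443" to Squid, which relays the TLS bytes
  // unmodified, so the connection leaves with the proxy's source address and
  // the certificate the user sees is still the site's own.
  // No "; DIRECT" fallback: a direct attempt would leave with the client's
  // LAN address, the case the gateway in this thread drops.
  if (scheme === "http" || scheme === "https") return PROXY;
  return "DIRECT";
}
```

Squid has to permit CONNECT to port 443 for the tunnel to be accepted; the stock squid.conf does this through its `SSL_ports` ACL. Clients still need the PAC URL configured in the browser, which is the trade-off against a fully transparent setup noted in the thread.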