Search squid archive

Re: transperate proxy with https

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, 14 Sep 2009 21:27:15 -0500 (CDT), Al - Image Hosting Services
<azick@xxxxxxxxxxxxxxxxxxxx> wrote:
> Hi,
> 
> I ran into basically the same issue with https. If https requests are
just 
> rerouted to squid then it doesn't work. It looks like the browser sends 
> the request encrypted when just routed to the proxy and it looks like it 
> sends the request plain text when you have the browser configured to use 
> the proxy. Can someone confirm this? And if this is the case, is there a 
> way to use a transparent proxy with https?

Correct. The 'S' in HTTPS is for 'Secure' or 'SSL' (same meaning).  It was
designed specifically to prevent interception attacks on HTTP traffic.  One
guess what transparent proxy does?

To perform HTTPS interception you require software to do the interception
(Squid + NAT). Install a SSL certificate in the Squid to name it the
authoritative web server for every domain on the planet. Install another
SSL certificate in the web browser of every visitor to let the clients web
browser believe the false certificate you installed in the Squid. ...or
trust that all your clients/visitors will simply click okay/accept at the
security attack warning they get faced with.

Done. You are now committing a felony crime in most countries. But never
mind that.

Amos

[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux