On Mon, 15 Mar 2010 14:50:54 -0300, Leonardo Carneiro - Veltrac <lscarneiro@xxxxxxxxxxxxxx> wrote: > I have always read that transparent proxy + https was not possible. > It is now? There is a stable squid version with this feature? There aew > any major drawbacks using this feature? > > Tks in advance. > Sadly, yes it's now possible. No there is not yet a stable version of Squid to do it. Yes there are still some limits thankfully: 1) it is only useful for corporate environments which closely monitor their own staff. 1b) has some use catching viruses etc if thats whats monitored for. It is a slippery slope problem. 2) it does not work for ISP setups. 3) requires a CA certificate on all client machines, which authorizes the proxy fake certificates. 4) does not work for any hidden-mole attacks (they are still invisible and actually gain extra info about the network from the certificate challenges). Amos > > Henrik K wrote: >> On Mon, Mar 15, 2010 at 12:30:11PM +0100, Stefan Reible wrote: >> >>> PS: I have an secound problem with downloading big files, is it >>> possilbe >>> to send any infos about the download progress to the webbrowser? Like >>> opening an ajax script or something else. >>> >> >> If you don't want this limitation, you can use HAVP. It scans the file >> while >> it's being transferred to client, while keeping small part of it buffered >> (in case of virus, it is not transferred so client can't open incomplete >> file). It's as close to transparent as you can get. >> >> >>
