Tks for your info Amos.
Amos Jeffries wrote:
On Mon, 15 Mar 2010 14:50:54 -0300, Leonardo Carneiro - Veltrac
<lscarneiro@xxxxxxxxxxxxxx> wrote:
I have always read that transparent proxy + https was not possible.
It is now? There is a stable squid version with this feature? There aew
any major drawbacks using this feature?
Tks in advance.
Sadly, yes it's now possible. No there is not yet a stable version of
Squid to do it.
Yes there are still some limits thankfully:
1) it is only useful for corporate environments which closely monitor
their own staff.
1b) has some use catching viruses etc if thats whats monitored for. It
is a slippery slope problem.
2) it does not work for ISP setups.
3) requires a CA certificate on all client machines, which authorizes the
proxy fake certificates.
4) does not work for any hidden-mole attacks (they are still invisible
and actually gain extra info about the network from the certificate
challenges).
Amos
Henrik K wrote:
On Mon, Mar 15, 2010 at 12:30:11PM +0100, Stefan Reible wrote:
PS: I have an secound problem with downloading big files, is it
possilbe
to send any infos about the download progress to the webbrowser? Like
opening an ajax script or something else.
If you don't want this limitation, you can use HAVP. It scans the file
while
it's being transferred to client, while keeping small part of it
buffered
(in case of virus, it is not transferred so client can't open
incomplete
file). It's as close to transparent as you can get.
