On Tue, 24 Aug 2010 16:28:29 +0000, Mamadou Touré <e2ia.ci@xxxxxxxxx> wrote: > Hi i'd like to know if it is possible to make a transparent proxy of > https traffric with squid and tproxy. > regards. It is possible to use TPROXY to pass HTTPS traffic to a listening port on Squid, just as it was possible with NAT and WCCP. Squid will currently not relay raw bytes on without confirmation of the traffic type and security controls for you the admin to block if it's bad. SSL also ensures/requires end-to-end security by embeding details about the TCP link into the keys used across it. Committing MITM attack as well as decryption attack is an outright crime in many places around the world. NP: ssl-bump feature dodges around these crime aspects by only working for CONNECT requests where the client is well aware its using a proxy and is configured to trust the proxy certificates it receives back from the decryption. Amos