Search squid archive

Transparent proxying of https

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



I'm wanting to know whether this is a capability of squid, or if anyone knows another FOSS product that can do it.

The scenario:

I have an upstream firewall and proxy that I do not control, and the only access to the internet is via the proxy, which uses proxy basic authentication (and is probably running squid).

I am running my own copy of squid on the network, passing through proxy authentication credentials to the upstream proxy.

Some devices (android phones mostly) on the local network don't have a facility to specify a proxy server. For these devices, I intercept the http traffic at my squid box and send it to the upstream proxy with squid supplying a generic proxy password to the upstream proxy.

The upstream proxy is represented by two different cache_peer lines in the config; the one used is selected by ACLs.

This all works very well for http. However, I would like to do the same for https traffic. This should be quite do-able, but as far as I can tell squid can't do this?

HTTPs traffic could be intercepted by iptables and sent to a port on which squid listens. Squid can find the original intended destination IP via a syscall, then supply the generic password to the upstream proxy and use a CONNECT to connect through to that address. Squid would not need to be "in the middle" and deal with decryption/encryption, it would simply pass through the data as it does when set as an https proxy in the normal case.

Can squid be configured to do this?  What other options are there?

Cheers,
Alex


[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux