On Mon, 18 Apr 2011 12:27:32 -0400, Mohammad Fattahian wrote:
> Hi,
> I just configured transparent proxy to use in my network.
I assume you actually mean NAT interception...
> I found HTTPS is not going through the proxy when it is transparent.
Yes. "transparent proxy" is a man-in-middle security attack.
The protection to prevent man-in-middle attacks working is called
HTTPS.
> What should I do if I want to limit access to some HTTPS site?
* Configure your firewall to reject TCP port 443 to the IPs of the
website you want blocked.
In a non-intercepting proxy HTTPS travels through as a CONNECT method
request.
* Configure Squid to:
    acl blockedWebsites dstdomain ...
    http_access deny CONNECT blockedWebsites
Amos
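
The CONNECT rule from the reply above, modelled as an added example (not part of the original message and not Squid's own code): it parses the request line an explicitly configured proxy receives for HTTPS and applies dstdomain-style matching, where a leading dot covers the domain and its subdomains. The domain names, BLOCKED list and function names are constructed for illustration.

```python
# Simplified model of:
#   acl blockedWebsites dstdomain ...
#   http_access deny CONNECT blockedWebsites
# Illustration only; names and sample values are constructed placeholders.

def parse_connect(request_line):
    """Return (host, port) from 'CONNECT host:port HTTP/1.x', else None."""
    parts = request_line.strip().split()
    if len(parts) != 3 or parts[0].upper() != "CONNECT":
        return None
    target = parts[1]
    if target.startswith("["):                 # bracketed IPv6 literal
        host, sep, rest = target[1:].partition("]")
        if not sep or not rest.startswith(":"):
            return None
        port = rest[1:]
    else:
        host, sep, port = target.rpartition(":")
        if not sep:
            return None
    if not host or not port.isdigit():
        return None
    # Host names compare case-insensitively; drop a trailing root dot.
    return host.lower().rstrip("."), int(port)

def dstdomain_match(host, entries):
    """'.example' matches the domain and all subdomains; 'example' is exact."""
    for entry in (e.lower() for e in entries):
        if entry.startswith("."):
            if host == entry[1:] or host.endswith(entry):
                return True
        elif host == entry:
            return True
    return False

def http_access(request_line, blocked):
    """'deny' if the rule matches, 'pass' if later rules would decide."""
    parsed = parse_connect(request_line)
    if parsed is None:                         # not a CONNECT request
        return "pass"
    host, _port = parsed
    # An IP-literal target carries no name, so this model finds no match.
    return "deny" if dstdomain_match(host, blocked) else "pass"

BLOCKED = [".blocked.example", "exact.example"]   # constructed ACL values

if __name__ == "__main__":
    for line in ("CONNECT www.blocked.example:443 HTTP/1.1",
                 "CONNECT notblocked.example:443 HTTP/1.1"):
        print(http_access(line, BLOCKED), line)
```

A target given as an IP literal has no host name to compare, which is where the firewall rule on TCP port 443 from the first bullet applies.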