> Just a question Nipu, > > what are real benefits to use "Tproxy" instead just set an iptables > rules and set squid as transparent mode ? > > Actually, I was referring squid with tproxy, where we configure squid something like as given below: http_port 85 tproxy http_port 86 ssl-bump cert=/extra/squid/etc/Centos6.0.pem tproxy Yes, we need the iptables rules and squid has to listen transparently on some ports. But, here squid is supposed the spoof the client IP and the root web servers should not see the client (http client machine) IP. But that is not happening. Secondly, it doesn't work with HTTPs traffic. transparent proxy should be able to transparently send and receive data without the client and servers being aware of a proxy in between. If the web server sees the squid IP in stead of the client IP, then I think, it is not fully transparent. -Nipun On Wed, Oct 12, 2011 at 2:15 PM, David Touzeau <david@xxxxxxxxxx> wrote: > Le mercredi 12 octobre 2011 à 09:46 +0530, nipun_mlist Assam a écrit : >> Squid in tproxy mode, doesn't work with HTTPS most probably. Secondly, >> it doesn't spoof the client IP. I have fixed the issues for my work. >> But wondering if the fix is already available somewhere. >> -Nipu >> >> On Tue, Oct 11, 2011 at 4:32 PM, David Touzeau <david@xxxxxxxxxx> wrote: >> > Le mardi 11 octobre 2011 à 11:50 +0200, Fred B a écrit : >> >> ----- "David Touzeau" <david@xxxxxxxxxx> a écrit : >> >> >> >> > Dear all >> >> > >> >> > I would like to know what are the limitations using squid in >> >> > transparent >> >> > mode between using squid in standard mode >> >> > >> >> > I know there are >> >> > >> >> > Transparent mode limitations : >> >> > No user authentication method. >> >> > No all HTTPS features. >> >> > >> >> > Is someone know what are others limitations ? >> >> > >> >> > Best regards. >> >> >> >> Hi David >> >> >> >> See http://wiki.squid-cache.org/SquidFaq/InterceptionProxy -> Concepts of Interception Caching >> >> >> >> Fred >> > >> > >> > Thanks Fred, this is what i would like to find ! >> > >> > > > > Just a question Nipu, > > what are real benefits to use "Tproxy" instead just set an iptables > rules and set squid as transparent mode ? > >
