Le mercredi 12 octobre 2011 à 16:27 +0530, nipun_mlist Assam a écrit : > > Just a question Nipu, > > > > what are real benefits to use "Tproxy" instead just set an iptables > > rules and set squid as transparent mode ? > > > > > Actually, I was referring squid with tproxy, where we configure squid > something like as given below: > http_port 85 tproxy > http_port 86 ssl-bump cert=/extra/squid/etc/Centos6.0.pem tproxy > > Yes, we need the iptables rules and squid has to listen transparently > on some ports. > But, here squid is supposed the spoof the client IP and the root web > servers should not see the client (http client machine) IP. But that > is not happening. > Secondly, it doesn't work with HTTPs traffic. > > transparent proxy should be able to transparently send and receive > data without the client and servers being aware of a proxy in between. > If the web server sees the squid IP in stead of the client IP, then I > think, it is not fully transparent. > > -Nipun > > On Wed, Oct 12, 2011 at 2:15 PM, David Touzeau <david@xxxxxxxxxx> wrote: > > Le mercredi 12 octobre 2011 à 09:46 +0530, nipun_mlist Assam a écrit : > >> Squid in tproxy mode, doesn't work with HTTPS most probably. Secondly, > >> it doesn't spoof the client IP. I have fixed the issues for my work. > >> But wondering if the fix is already available somewhere. > >> -Nipu > >> > >> On Tue, Oct 11, 2011 at 4:32 PM, David Touzeau <david@xxxxxxxxxx> wrote: > >> > Le mardi 11 octobre 2011 à 11:50 +0200, Fred B a écrit : > >> >> ----- "David Touzeau" <david@xxxxxxxxxx> a écrit : > >> >> > >> >> > Dear all > >> >> > > >> >> > I would like to know what are the limitations using squid in > >> >> > transparent > >> >> > mode between using squid in standard mode > >> >> > > >> >> > I know there are > >> >> > > >> >> > Transparent mode limitations : > >> >> > No user authentication method. > >> >> > No all HTTPS features. > >> >> > > >> >> > Is someone know what are others limitations ? > >> >> > > >> >> > Best regards. > >> >> > >> >> Hi David > >> >> > >> >> See http://wiki.squid-cache.org/SquidFaq/InterceptionProxy -> Concepts of Interception Caching > >> >> > >> >> Fred > >> > > >> > > >> > Thanks Fred, this is what i would like to find ! > >> > > >> > > > > > > > Just a question Nipu, > > > > what are real benefits to use "Tproxy" instead just set an iptables > > rules and set squid as transparent mode ? > > > > But what are impacts between this http_port 85 tproxy against this http_port 85 transparent
