>You seem to be speaking of an interception gateway filter.
>
>SSL was designed to prevent man-in-the-middle attacks (aka interception)
>from being done.

Maybe I said it wrong - I do not want to intercept, but only decide which host can connect.

>This is not possible. The URL is inside the encryption. You must decrypt
>the traffic in order to even see the URL.

I do not want to filter all URLs, only the host. If the host is encrypted, how do routers know which host to connect to?

>Also, you have already intercepted it. Simply by passing the packets to
>Squid in the first place you are violating the TCP connection layer's
>guarantee of delivery to the original destination.

Yes, I am looking for a way to bypass that. Hmm, maybe I need to configure the firewall in another way to do that.

>Then use WPAD on your network and configure the browser to
>"auto-detect". The browser can then be moved between networks without
>any further configurations and will use whatever proxy it can find with
>WPAD/PAC on wherever it gets plugged in.

Like I said, I do not want to configure anything in the browser; that's why I am looking for a transparent proxy way.

>The best you are going to get is session *authorization* based on some
>non-login criteria.

>WPAD and PAC. That avoids the firewall load doubling, allows proper
>authentication, allows SSL processing by Squid, and leaves the browser
>able to be moved seamlessly between networks.

>Amos

I will think again about those solutions, but I am still looking for a non-scripted way.
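
The WPAD/PAC approach suggested in the quoted reply, sketched as an added example that is not part of any message in this thread: a PAC file that sends every external host through the proxy, so HTTPS requests reach Squid as `CONNECT host:port` and can be allowed or denied by host name without decrypting anything. The proxy address `proxy.example.lan:3128` and the internal domain `example.lan` are constructed placeholders.

```javascript
// Added example PAC file (what WPAD would serve as wpad.dat).
// All names below are assumptions, not values from the thread.
var PROXY = "PROXY proxy.example.lan:3128"; // hypothetical Squid forward-proxy port
var DIRECT_DOMAINS = ["example.lan"];       // hypothetical internal domain

// True when host is the domain itself or a subdomain of it.
// A plain substring test would also match "notexample.lan".
function inDomain(host, domain) {
  if (host === domain) return true;
  var tail = "." + domain;
  return host.length > tail.length &&
         host.substring(host.length - tail.length) === tail;
}

// Called by the browser for every request; the return value is the route.
function FindProxyForURL(url, host) {
  host = host.toLowerCase();
  // Normalise a trailing dot ("wiki.example.lan.") before matching.
  if (host.charAt(host.length - 1) === ".") {
    host = host.substring(0, host.length - 1);
  }
  // Single-label names ("intranet") are local; IPv6 literals are not.
  if (host.indexOf(".") === -1 && host.indexOf(":") === -1) {
    return "DIRECT";
  }
  for (var i = 0; i < DIRECT_DOMAINS.length; i++) {
    if (inDomain(host, DIRECT_DOMAINS[i])) return "DIRECT";
  }
  // No "; DIRECT" fallback: if the proxy is unreachable the request fails
  // instead of silently bypassing the host policy enforced on the proxy.
  return PROXY;
}
```

The PAC file only steers browsers that honour it; the firewall still has to drop direct outbound web traffic from clients for the host policy to hold.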