RE: [squid-users] can any transparent mode handle SSL and FTP for access control

From: Shaun Skillin (home) <shaun@dont-contact.us>
Date: Mon, 11 Dec 2006 13:26:41 -0700

Thanks Adrian, I understand. Could you expand on "hacking up squid"?
I have an immediate need for access control of all web requests,
including SSL. I know that if I set it in the browser, squid handles
all connections, including web, ssl, and ftp without a problem. So my
real question is, if squid can (obviously) handle this traffic, can it
be done in a transparent way instead of having to modify the browser. I
think I need more education on how the packets are presented to squid in
transparent vs. browser-based mode - browser-based sends everything via
3128, so squid gets it on port 3128 - couldn't I just do another NAT
using iptables for this, and point 443 and 21 to 3128 as well as the
current 80?

Thanks again,
Shaun

-----Original Message-----
From: Adrian Chadd [mailto:adrian@creative.net.au]
Sent: Monday, December 11, 2006 8:17 AM
To: Shaun Skillin (home)
Cc: Squid Users
Subject: Re: [squid-users] can any transparent mode handle SSL and FTP for access control

On Mon, Dec 11, 2006, Shaun Skillin (home) wrote:

> I have squid working fine for HTTP traffic using WCCPv2, and have used
> it with policy routing without issue. I know that squid can't cache SSL
> connections, but is there a way (in a transparent mode, not configuring
> each browser) to use squid for access control of SSL and FTP
> connections?

I've got some ideas for doing SSL access control (based on just source/destination
IPs for the time being) for WCCPv2-intercepted SSL in client-ip-spoofing modes
(eg with TPROXY.)

But it first requires a better WCCPv2 implementation, so I'm working on that in
my spare time.

So, the answer atm is "not without hacking up Squid"..

Adrian

-- 
- Xenion - http://www.xenion.com.au/ - VPS Hosting - Commercial Squid Support -
Received on Mon Dec 11 2006 - 13:26:59 MST
