RE: [squid-users] Squid on transparent proxy for 443 request

From: Jorge Bastos <mysql.jorge_at_decimal.pt>
Date: Sun, 26 Apr 2009 16:36:31 +0100

Oh I see,
I won't bother then, was just for a experience.
But anyway, since I'm only passing traffic from 80 through squid, I want to
add 443 traffic also.
What aspects do I have to concerns about this, on how to active transparent
mode for 443?

> -----Original Message-----
> From: Amos Jeffries [mailto:squid3_at_treenet.co.nz]
> Sent: domingo, 26 de Abril de 2009 1:56
> To: Jorge Bastos
> Cc: squid-users_at_squid-cache.org
> Subject: Re: [squid-users] Squid on transparent proxy for 443 request
>
> Jorge Bastos wrote:
> > Hi there,
> > What are the concerns that I need to have to make squid act as a
> transrent
> > proxy on port 443?
> > I need to catch the data that is being sent from a website that works
> under
> > https, is it possible? Data
> >
> > Right now I only use it for standard port 80.
> >
>
> Not possible. HTTPS guarantees the client can see 100% of the machines
> for itself to the source.
>
> One user has recently pointed out that redirecting HTTPS URL's to a
> local domain reverse-proxied by Squid might work though. The client
> believes and accepts Squid credentials as its proper destination site
> and Squid handles decryption->re-encryption going HTTPS to the remote
> site.
>
> That is very similar to how SSLBump works with CONNECT requests in 3.1.
> But may get past the invalid certificate issues.
>
> Amos
> --
> Please be using
> Current Stable Squid 2.7.STABLE6 or 3.0.STABLE14
> Current Beta Squid 3.1.0.7
Received on Sun Apr 26 2009 - 15:36:26 MDT

This archive was generated by hypermail 2.2.0 : Mon Apr 27 2009 - 12:00:02 MDT