On Mon, 15 Mar 2010 14:50:54 -0300, Leonardo Carneiro - Veltrac
<lscarneiro_at_veltrac.com.br> wrote:
> I have always read that transparent proxy + https was not possible.
> It is now? There is a stable squid version with this feature? There aew
> any major drawbacks using this feature?
>
> Tks in advance.
>
Sadly, yes it's now possible. No there is not yet a stable version of
Squid to do it.
Yes there are still some limits thankfully:
1) it is only useful for corporate environments which closely monitor
their own staff.
1b) has some use catching viruses etc if thats whats monitored for. It
is a slippery slope problem.
2) it does not work for ISP setups.
3) requires a CA certificate on all client machines, which authorizes the
proxy fake certificates.
4) does not work for any hidden-mole attacks (they are still invisible
and actually gain extra info about the network from the certificate
challenges).
Amos
>
> Henrik K wrote:
>> On Mon, Mar 15, 2010 at 12:30:11PM +0100, Stefan Reible wrote:
>>
>>> PS: I have an secound problem with downloading big files, is it
>>> possilbe
>>> to send any infos about the download progress to the webbrowser? Like
>>> opening an ajax script or something else.
>>>
>>
>> If you don't want this limitation, you can use HAVP. It scans the file
>> while
>> it's being transferred to client, while keeping small part of it
buffered
>> (in case of virus, it is not transferred so client can't open
incomplete
>> file). It's as close to transparent as you can get.
>>
>>
>>
Received on Mon Mar 15 2010 - 23:38:52 MDT
This archive was generated by hypermail 2.2.0 : Tue Mar 16 2010 - 12:00:03 MDT