Re: [squid-users] transparent squid + clamav + https

From: Leonardo Carneiro - Veltrac <lscarneiro_at_veltrac.com.br>
Date: Tue, 16 Mar 2010 08:30:56 -0300

Tks for your info Amos.

Amos Jeffries wrote:
> On Mon, 15 Mar 2010 14:50:54 -0300, Leonardo Carneiro - Veltrac
> <lscarneiro_at_veltrac.com.br> wrote:
>
>> I have always read that transparent proxy + https was not possible.
>> It is now? There is a stable squid version with this feature? There aew
>> any major drawbacks using this feature?
>>
>> Tks in advance.
>>
>>
>
> Sadly, yes it's now possible. No there is not yet a stable version of
> Squid to do it.
>
> Yes there are still some limits thankfully:
> 1) it is only useful for corporate environments which closely monitor
> their own staff.
> 1b) has some use catching viruses etc if thats whats monitored for. It
> is a slippery slope problem.
> 2) it does not work for ISP setups.
> 3) requires a CA certificate on all client machines, which authorizes the
> proxy fake certificates.
> 4) does not work for any hidden-mole attacks (they are still invisible
> and actually gain extra info about the network from the certificate
> challenges).
>
> Amos
>
>
>> Henrik K wrote:
>>
>>> On Mon, Mar 15, 2010 at 12:30:11PM +0100, Stefan Reible wrote:
>>>
>>>
>>>> PS: I have an secound problem with downloading big files, is it
>>>> possilbe
>>>> to send any infos about the download progress to the webbrowser? Like
>>>> opening an ajax script or something else.
>>>>
>>>>
>>> If you don't want this limitation, you can use HAVP. It scans the file
>>> while
>>> it's being transferred to client, while keeping small part of it
>>>
> buffered
>
>>> (in case of virus, it is not transferred so client can't open
>>>
> incomplete
>
>>> file). It's as close to transparent as you can get.
>>>
>>>
>>>
>>>
>
>
Received on Tue Mar 16 2010 - 11:30:08 MDT

This archive was generated by hypermail 2.2.0 : Tue Mar 16 2010 - 12:00:03 MDT