Re: [squid-users] GURU opinion required.

From: Nyamul Hassan <mnhassan_at_usa.net>
Date: Tue, 28 Apr 2009 22:36:36 +0600

To my understanding, HTTPS will not work with transparent interception in a
forward proxy setting.

Regards
HASSAN

----- Original Message -----
From: "goody goody" <thinkodd_at_yahoo.com>
To: <squid-users_at_squid-cache.org>
Cc: "Pandu E Poluan" <pandu_poluan_at_paninsekuritas.co.id>
Sent: Tuesday, April 28, 2009 17:13
Subject: Re: [squid-users] GURU opinion required.

Ok!

Then what would I need to do in my ipfw to make things work accordingly? I
already have natd in place!!!

Thanks,

--- On Tue, 4/28/09, Pandu E Poluan <pandu_poluan_at_paninsekuritas.co.id>
wrote:

> From: Pandu E Poluan <pandu_poluan_at_paninsekuritas.co.id>
> Subject: Re: [squid-users] GURU opinion required.
> To: squid-users_at_squid-cache.org
> Date: Tuesday, April 28, 2009, 3:01 PM
> IMO, you got that wrong.
>
> Squid re-sends the https datagram in a wholly new packet, whose
> Source IP Address is the squid's IP Address.
>
> I should know, for my firewall at my office totally blocks non-proxy
> addresses. Yet employees can still access Gmail and/or Yahoo! Mail
> (both of which use https for authentication purposes).
>
> As usual, CMIIW.
>
>
> Rgds,
>
>
> [p]
>
>
> goody goody wrote:
> > After going through different articles and analyzing the behavior
> > of squid 2.5 stable10 transparent proxy on a FreeBSD machine, it is
> > not possible for https requests to be entertained; in other words,
> > it simply means proxying will not be done for https traffic.
> >
> > Now let's delve into the details.
> >
> > In the case of a transparent squid proxy, whenever https traffic is
> > passed through the proxy, the proxy does not add its IP address;
> > rather, it forwards the packets with the original client IP address
> > located on the internal network. The packets are then finally
> > natted at the firewall with the public IP address, and the
> > operation successfully completes.
> >
> > But in my case, my network colleagues who are managing the firewall
> > device have blocked any traffic originating from the internal
> > network and have only allowed the proxy address; hence any https
> > traffic is blocked because it has an internal address as the source
> > address, not that of the proxy.
> >
> > As it should be, any traffic that leaves the proxy with the source
> > address modified to the proxy address successfully completes the
> > request.
> >
> > Hence http traffic and https traffic with manual/forced proxy
> > works, but transparent proxy with https traffic doesn't work.
> >
> > If I am wrong, or if there is any workaround, it would be highly
> > appreciated.
> >
> > Thanks in advance.
>
> --
> *Pandu E Poluan*
> *Panin Sekuritas*
> IT Manager / Infrastructure & Audit
> Phone : +62-21-515-3055 ext 135
> Fax : +62-21-515-3061
> Mobile : +62-856-8400-426
> e-mail : pandu_poluan_at_paninsekuritas.co.id
>
> Y!M : hands0me_irc
> MSN : si-ganteng_at_live.com
> GTalk : pandu.cakep_at_gmail.com
>
>
Received on Tue Apr 28 2009 - 16:37:06 MDT
