Re: [squid-users] Transparent proxy with HTTPS on freebsd

Dear Amos, i say http works but https doesn't behind transparent proxy (no proxy details specified in browser) and this is simply I just want to achieve as some sites such as yahoo, gmail use https to connect to. so if you guide my how can i configure squid to allow https sites to connect behind transparent proxy. Further info regarding squid and bsd os is as follows. squid version info Squid Cache: Version 2.5.STABLE10 configure options: --enable-storeio=diskd,ufs --enable-snmp --with-openssl=/opt/ssl '--enable-auth=basic ntlm' --enable-wccp '--enable-removal-policies=heap lru' BSD OS Info FreeBSD XXX 5.4-RELEASE FreeBSD 5.4-RELEASE #0: Fri Mar 30 18:16:33 PKT 2007 root_at_xxx.abc.com.:/usr/src/sys/i386/compile/BSD-ROUTER i386 an early response would be very much appreciated. Regards, --- On Wed, 4/29/09, Amos Jeffries <squid3_at_treenet.co.nz> wrote: > From: Amos Jeffries <squid3_at_treenet.co.nz> > Subject: Re: [squid-users] Transparent proxy with HTTPS on freebsd > To: "abdul sami" <sami.memon_at_gmail.com> > Cc: squid-users_at_squid-cache.org > Date: Wednesday, April 29, 2009, 1:49 PM > abdul sami wrote: > > Dear all, > > > > subject settings doesn't work when i set the > transparent proxy though > > http traffic works. on analysis of traffic i have come > to know that > > proxy doesn't add it's source address to https traffic > rather simply > > forwards it with local net address to gateway/firewall > device which > > ultimately drops the packets. > > > > any suggestion in shape of steps/article would be > highly appreciated. > > > > Regards, > > Pardon? > HTTPS being transparently intercepted (miracle #1) and the > users not phoning you about being attacked? (miracle #2). > > HTTPS == HTTP via _secure_ SSL. > transparent proxy == man-in-middle network attack on > traffic. > > HTTPS was created to prevent transparent interception > amongst other things. So yes I'm not surprised it won't > work. > > What are you trying to achieve with this? > > Amos > -- Please be using >   Current Stable Squid 2.7.STABLE6 or 3.0.STABLE14 >   Current Beta Squid 3.1.0.7 >
Received on Wed Apr 29 2009 - 11:30:46 MDT