Re: [squid-users] https in transparent mode

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Wed, 14 Oct 2009 13:22:48 +1300

On Tue, 13 Oct 2009 18:28:15 -0500, Andres Salazar <ndrsslzr80_at_gmail.com>
wrote:
> Hello,
>
> Ive been searching for ways to conduct httpd through the transparent
> mode of squid. This is because Id like to use squids ACLs not so much
> as the caching that obviously doesnt work with this protocol.
>
> Are there ways I can proxy https? Ive heard somebody mention that it
> is possible by specifying that it should go with a CONNECT method...
> I tried searching the faq for an example of this but i wasnt
> successful...
>
> Please advise..
>
> Andres

Squid will not do what you want.

HTTPS was created and designed explicitly to prevent traffic interception
security attacks (aka transparent mode proxies).

CONNECT method is an HTTP plain wrapper only used when the browser knows
it is talking to a proxy.

When doing interception of HTTPS traffic all Squid sees is random
encrypted binary numbers.

Amos
Received on Wed Oct 14 2009 - 00:22:55 MDT

This archive was generated by hypermail 2.2.0 : Wed Oct 14 2009 - 12:00:02 MDT