On Mon, 14 Sep 2009 21:27:15 -0500 (CDT), Al - Image Hosting Services <az...@zickswebventures.com> wrote: > Hi, > > I ran into basically the same issue with https. If https requests are just > rerouted to squid then it doesn't work. It looks like the browser sends > the request encrypted when just routed to the proxy and it looks like it > sends the request plain text when you have the browser configured to use > the proxy. Can someone confirm this? And if this is the case, is there a > way to use a transparent proxy with https?
Correct. The 'S' in HTTPS is for 'Secure' or 'SSL' (same meaning). It was designed specifically to prevent interception attacks on HTTP traffic. One guess what transparent proxy does? To perform HTTPS interception you require software to do the interception (Squid + NAT). Install a SSL certificate in the Squid to name it the authoritative web server for every domain on the planet. Install another SSL certificate in the web browser of every visitor to let the clients web browser believe the false certificate you installed in the Squid. ...or trust that all your clients/visitors will simply click okay/accept at the security attack warning they get faced with. Done. You are now committing a felony crime in most countries. But never mind that. Amos
