Quoting Jiri B <ji...@devio.us>:

> On Tue, Mar 12, 2013 at 01:00:58PM +0000, Stuart Henderson wrote:
> > On 2013-03-10, Rosen Iliev <ro...@mynshosts.com> wrote:
> > > Transparent proxy will not be useful for HTTPS connections.
> > > To handle HTTPS you'll need not-transparent proxy.
> >
> > Actually squid 3.3 (not in ports yet) can do this using the
> > sslbump MITM feature.
>
> I had to check cvs because I've thought relayd can do that too,
> but ssl MITM support for relayd has not been committed yet :)
>
> jirib



I was confused by the statement that HTTPS will not work if squid is used as a transparent proxy. I am using squid-2.7.STABLE9p20 and transparent proxy seems to work OK with HTTPS.

My squid.conf has the following:

acl local-subnet src 10.0.0.0/24 172.16.0.0/24

http_access allow allow_overidedomains

http_access deny block_domains
http_access deny block_extensions

http_access allow local-subnet localnet

http_access deny all

icp_access allow localnet
icp_access deny all

http_port 8080 transparent

In my /var/squid/logs/access.log, I have entries such as

10.0.0.103 - - [12/Mar/2013:10:23:45 -0600] "CONNECT clients3.google.com:443 HTTP/1.0" 200 4455 TCP_MISS:DIRECT

and so it looks like internal clients go to the squid proxy for HTTPS URLs. So why are people saying that transparent proxy will not work for HTTPS? Or am I reading this log wrong? Please let me know if that is the case.

I used tcpdump on the external interface of the OpenBSD firewall and did see HTTPS traffic -- NOT http traffic. The browser is Firefox 13.0.1 and it uses the squid proxy for all protocols including HTTPS.

Vijay

Vijay Sankar, M.Eng., P.Eng.
ForeTell Technologies Limited
vsan...@foretell.ca
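An added example, not part of the thread, for reading an access.log like the one quoted above. It parses Squid's "emulate_httpd_log" style line (Common Log Format with the Squid result code appended, which is the format of the line in the post) and labels each request by what the proxy could actually see. The key point for anyone checking their own setup: a CONNECT request is only ever sent by a client that has been told about the proxy (browser proxy settings, PAC file, etc.); pf redirection of port 443 to an `http_port ... transparent` cannot produce one. So a CONNECT in the log shows explicit proxying, and a CONNECT to port 443 is an opaque TLS tunnel that the proxy relays without inspecting unless it runs an ssl-bump style feature. All log lines except the first (which is the one from the post) are constructed for this example; the port list and the "(review)" label are this example's own conventions.

```python
import re
from collections import Counter

# Squid "emulate_httpd_log on" format: CLF fields followed by the Squid result code.
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/(?P<ver>[\d.]+)" '
    r'(?P<status>\d{3}) (?P<bytes>\d+|-) (?P<result>\S+)$'
)

# Constructed sample input: line 1 is the entry quoted in the post, the rest are made up
# (including an unparseable line, which the analyzer must skip rather than crash on).
SAMPLE_LOG = """\
10.0.0.103 - - [12/Mar/2013:10:23:45 -0600] "CONNECT clients3.google.com:443 HTTP/1.0" 200 4455 TCP_MISS:DIRECT
10.0.0.104 - - [12/Mar/2013:10:24:01 -0600] "GET http://www.openbsd.org/faq/ HTTP/1.1" 200 18231 TCP_MISS:DIRECT
10.0.0.104 - - [12/Mar/2013:10:24:09 -0600] "GET http://www.openbsd.org/images/logo.gif HTTP/1.1" 200 2310 TCP_HIT:NONE
10.0.0.105 - - [12/Mar/2013:10:25:30 -0600] "CONNECT 198.51.100.7:8443 HTTP/1.0" 403 1790 TCP_DENIED:NONE
this line is garbage and should be skipped
"""

# Ports where a CONNECT tunnel is expected; Squid's stock config expresses the same
# idea with "acl SSL_ports port 443" and "http_access deny CONNECT !SSL_ports".
EXPECTED_TUNNEL_PORTS = {443}


def parse_line(line):
    """Return the fields of one access.log line as a dict, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    entry["bytes"] = 0 if entry["bytes"] == "-" else int(entry["bytes"])
    entry["status"] = int(entry["status"])
    return entry


def classify(entry):
    """Label a request by what the proxy could see of it."""
    if entry["method"] == "CONNECT":
        # CONNECT target is host:port; the proxy sees only that, the payload is opaque TLS.
        _host, _sep, port = entry["target"].rpartition(":")
        port = int(port) if port.isdigit() else None
        if port in EXPECTED_TUNNEL_PORTS:
            return "explicit-proxy TLS tunnel (opaque payload)"
        return "explicit-proxy tunnel to non-standard port (review)"
    # A cleartext request logged with an absolute URL looks the same whether the browser
    # was configured for the proxy or pf redirected its port-80 traffic there.
    return "cleartext HTTP (explicit or intercepted)"


def analyze(log_text):
    """Summarize a log: request kinds, clients that must be explicitly proxied, tunnels to review."""
    kinds = Counter()
    explicit_clients = set()
    review = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        label = classify(entry)
        kinds[label] += 1
        if entry["method"] == "CONNECT":
            # Only a proxy-aware client sends CONNECT, so this client is not being
            # intercepted transparently for HTTPS.
            explicit_clients.add(entry["client"])
        if label.endswith("(review)"):
            review.append((entry["client"], entry["target"], entry["status"]))
    return {
        "kinds": dict(kinds),
        "explicit_clients": sorted(explicit_clients),
        "review": review,
    }


if __name__ == "__main__":
    result = analyze(SAMPLE_LOG)
    for label, count in result["kinds"].items():
        print(f"{count:4d}  {label}")
    print("clients with explicit proxy config:", ", ".join(result["explicit_clients"]))
    for client, target, status in result["review"]:
        print(f"review: {client} -> CONNECT {target} (status {status})")
```

Run against a real access.log (`analyze(open("/var/squid/logs/access.log").read())`) the "explicit_clients" list answers the question in the post directly: any address that appears there reached the proxy because the browser was pointed at it, and the `transparent` keyword on `http_port` played no part in that HTTPS traffic. Lines flagged for review are CONNECT attempts to ports other than 443, which Squid's default `http_access deny CONNECT !SSL_ports` rule rejects; seeing them in the log (as the constructed 403 line shows) is worth a look because it means a client tried to tunnel something other than ordinary HTTPS through the proxy.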