----- Original Message -----
From: <[EMAIL PROTECTED]>
To: <[email protected]>
Sent: Wednesday, April 18, 2007 9:02 PM
Subject: [plug] https on transparent proxy


Hi,
I am implementing a transparent proxy at the place I'm working at. I already configured squid on my server and manually pointed the proxy settings on our clients' browsers without any problems. However, since most of our users have IT know-how, they just simply remove the proxy settings and directly connect to the internet.
I have implemented a transparent proxy now (even if they remove the proxy settings on their browser) but I have a problem with https websites. Https websites won't appear on my transparent proxy. I researched over the net about this and many said that it's not possible to transparent proxy https requests.
Is there a way that I can tweak this problem? iptables perhaps? Show me the code please.

you cannot transparent proxy the https protocol.... but you can use your proxy server for https connection from https clients.... but the proxy server cannot cache the encrypted data (of course)...

ssl (or https) establishes a private end-to-end connection... redirecting it breaks its protocol (which usually protects you from man-in-the-middle attacks)...

in order for the proxy server to support https connections... intermediate proxies must establish an end-to-end TUNNEL first using the http CONNECT method... once the tunnel is established then the ssl protocol can establish its own private end-to-end connection....

with regards to your problem... the only way to use your proxy server from your (smart) people is to force them to use your proxy server thru tcp port 3128... blocking tcp port 80 and 443 doesn't guarantee that they cannot surf the net... they can use other tcp port numbers accessing outside proxy servers in order to bypass your proxy server.. i'll leave it to you as an exercise how you will implement your own firewall rules :->

fooler.


_________________________________________________
Philippine Linux Users' Group (PLUG) Mailing List
[email protected] (#PLUG @ irc.free.net.ph)
Read the Guidelines: http://linux.org.ph/lists
Searchable Archives: http://archives.free.net.ph
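
The CONNECT behaviour described in the reply above, as an added example that is not part of the original thread and is not squid's own code: it classifies the first bytes a proxy reads, showing why intercepted port-443 traffic cannot be handled as HTTP while an explicit CONNECT can be tunnelled and restricted by port. The function name, the port policy and all sample inputs are assumptions constructed for illustration.

```python
# Added illustration; sample inputs below are constructed, not captured traffic.
ALLOWED_CONNECT_PORTS = {443}  # assumption: policy permits tunnels to port 443 only

BAD_REQUEST = b"HTTP/1.1 400 Bad Request\r\n\r\n"
FORBIDDEN = b"HTTP/1.1 403 Forbidden\r\n\r\n"
ESTABLISHED = b"HTTP/1.1 200 Connection established\r\n\r\n"


def handle_first_bytes(data: bytes):
    """Classify the first bytes a proxy reads; return (action, detail, reply)."""
    # Intercepted port-443 traffic starts with a TLS record (type 0x16 =
    # handshake, major version 0x03), so there is no HTTP request to parse.
    if len(data) >= 2 and data[0] == 0x16 and data[1] == 0x03:
        return ("not-http", "TLS handshake record", b"")
    try:
        request_line = data.split(b"\r\n", 1)[0].decode("ascii")
        method, target, _version = request_line.split(" ")
    except ValueError:  # wrong field count, or non-ASCII (UnicodeDecodeError)
        return ("reject", "malformed request line", BAD_REQUEST)
    if method != "CONNECT":
        return ("http", f"{method} {target}", b"")  # ordinary proxied HTTP
    host, sep, port = target.rpartition(":")
    if not (sep and host and port.isdigit()):
        return ("reject", "CONNECT target must be host:port", BAD_REQUEST)
    if int(port) not in ALLOWED_CONNECT_PORTS:
        return ("deny", f"{host}:{port}", FORBIDDEN)
    # From here on the proxy only relays opaque bytes between the two sockets;
    # the TLS session is negotiated end to end inside the tunnel.
    return ("tunnel", f"{host}:{port}", ESTABLISHED)


TLS_CLIENT_HELLO = bytes.fromhex("16030100c8010000c40303")  # constructed prefix
CONNECT_443 = b"CONNECT www.example.com:443 HTTP/1.1\r\nHost: www.example.com:443\r\n\r\n"
CONNECT_8080 = b"CONNECT proxy.example.net:8080 HTTP/1.1\r\n\r\n"
PLAIN_GET = b"GET http://www.example.com/ HTTP/1.1\r\nHost: www.example.com\r\n\r\n"

if __name__ == "__main__":
    for sample in (TLS_CLIENT_HELLO, CONNECT_443, CONNECT_8080, PLAIN_GET):
        action, detail, reply = handle_first_bytes(sample)
        print(f"{action:8} {detail:28} reply={reply[:30]!r}")
```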