-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 06/10/2017 01:05 PM, Philip Le Riche wrote: > Thank you Tom. I'd seen that there were various guides around for > using Squid as an intercepting proxy, but I don't want to crack > open the ssl, and anyway, since I can't find how to make Alexa use > a proxy, I'm not sure it'd be any easier to find its certificate > store in order to inject a squid certificate. > > All I want to do is get Shorewall (or something running on the > Shorewall server) to field 443 connections and insert an http > CONNECT verb before relaying all subsequent traffic to the school > proxy. If Shorewall doesn't itself offer such a function I presume > I could use it to DNAT https to localhost and set up a Perl script > to listen on localhost:443 then open an onward connection to the > school proxy, inserting the CONNECT verb before the outgoing > traffic. Unless I've totally misunderstood how an https proxy > works.
I know of no way to make iptables do that; hence, Shorewall doesn't support it. The only way that I have done HTTPS proxying with is to use WPAD via DNS. - -Tom - -- Tom Eastep \ Q: What do you get when you cross a mobster with Shoreline, \ an international standard? Washington, USA \ A: Someone who makes you an offer you can't http://shorewall.org \ understand \_______________________________________________ -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJZPG6jAAoJEJbms/JCOk0QtaIQAL5YGOYckP2BLFfosxVhS9SB o7x3j/SukkGJMM4/XFv50HvU02Xql4jmX+RxbBFFBXcA0liajYNcvIS3+gXl0s5p JJVAhFwPH3KpbXbpxshNM+5OnNYEf1uWvpnZqbbcvVO8ELMUnbitdThBUcYSNLRD tIyXLzDL5rqerWvxuGsAJ3Y44KAf3otwv5TcICQKL8w+wHg9cKAvjgaUJdrILiHI 2y9SHtzBuvcdfTsN8IBknzQmkPQW7wUquFiMoSbY0MinyuMDF5HzFLSvxKASmCjw p7u5VP+iAqNvkceBOomPxRoi79iibCtKJ8OPLYSko1S6Kar/LFJDQcnVjyN6VRM6 rplOpZKM5MF97Ot/uclEAim29ZL/jwKEuAYE19ZDH969CSRh8v8g8TIB8MTILgEz JsH0BqUELnMqBdbUK4UBAsGERJc0BIWFNz4ZbyIOxasV5GbK/cX2yh6DlQJXipQk 0qCDrJmXaDx+K8BWIeDx2ioZ6SZSWxyKTjlqfQZrR25xpVX37bzw+6rKoTcQgTKN SPyFWyZtpLfyrEl0c6kftOpq91rfn93BPwHlnNR6WhJgjh2Y0dmJOMhg0KKhVOKi DVfCU07dD1VPp3bUOrAuem9Vi+V3JCFklVvG+0ge5cdSnJsYjfvIlUeKK7pLcstQ JWQD99AOZ4slmJYqaXU3 =U2pQ -----END PGP SIGNATURE----- ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
