On Thu, 7 Oct 2004 07:27 pm, David Kempe wrote:
> James Gray wrote:
> > transparent proxy: means all your outgoing port 80/443 requests are
> > transparently redirected to the proxy irrespective of the users' proxy
> > configuration. This is usually done at the perimeter router/firewall
> > using iptables and destination NAT (or similar).
> >
> >
> > Whilst transparent proxying sounds attractive you CANNOT use this AND
> > authentication at the same time. Think about it; if you were
> > connecting to "www.foo.com" and got prompted for authentication
> > credentials from something other than "www.foo.com" when you weren't
> > expecting it, would be considered a "man-in-the-middle" type attack.
> > However, if your browser is
>
> I thought you couldn't transparent proxy SSL for the same
> man-in-the-middle reason.
>
> dave

Correct :) Proxy configured in browser means SSL connections can be proxied (to a certain extent - the data/content isn't cached, but the requests are passed back and forth).

In fact we use the proxy at work to "translate" the external web site address to its internal server IP. If users connect to https://ssl.site/ it would resolve to an external address (61.95.x.y), but because the proxy has the internal 192.168.x.y address in its /etc/hosts file, the users can still use the common (external) name but connect to the internal server...all over SSL and via the proxy :) Means we only need one set of docs and the users can access the site externally (we have a few tele-commuters). Also means we can keep a track of how long users work for when in the office and how long they spend on "other" sites :P

James
--
Real Programmers don't write in PL/I. PL/I is for programmers who can't decide whether to write in COBOL or FORTRAN.
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
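
The behaviour described in this message, as an added example that is not part of the original post: a browser configured to use a proxy sends an HTTP `CONNECT host:port` request for HTTPS, so the proxy resolves the name itself (hosts file first) and then relays the encrypted bytes, whereas an intercepted connection starts with a raw TLS handshake that leaves no HTTP layer for an authentication prompt. The function names, the sample addresses (10.0.0.5, 203.0.113.10) and the "hosts file before DNS" lookup order are assumptions made for illustration.

```python
import ipaddress

# Constructed sample data: stand-ins, not the addresses from the post.
PROXY_HOSTS_FILE = """\
127.0.0.1   localhost
10.0.0.5    ssl.site   # internal server, known only to the proxy
"""
PUBLIC_DNS = {"ssl.site": "203.0.113.10"}  # what an outside client would resolve


def parse_hosts(text):
    """Parse /etc/hosts-style text into {name: ip}; first entry wins."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        ip = str(ipaddress.ip_address(fields[0]))  # rejects malformed addresses
        for name in fields[1:]:
            table.setdefault(name.lower(), ip)
    return table


def resolve_on_proxy(host, hosts_table, dns=PUBLIC_DNS):
    """Assumed lookup order: the proxy's hosts table first, then DNS."""
    host = host.lower()
    return hosts_table.get(host) or dns.get(host)


def handle_first_bytes(data, hosts_table):
    """Decide what a proxy can do with the first bytes from a client."""
    # TLS handshake record: content type 0x16, major version 0x03.
    if data[:2] == b"\x16\x03":
        # Intercepted (transparent) HTTPS: no HTTP layer to carry a 407 challenge.
        return ("raw-tls", None)
    request_line = data.split(b"\r\n", 1)[0].decode("ascii", "replace")
    parts = request_line.split()
    if len(parts) == 3 and parts[0] == "CONNECT":
        host, sep, port = parts[1].rpartition(":")
        if not sep or not port.isdigit():
            return ("bad-request", None)
        ip = resolve_on_proxy(host, hosts_table)
        if ip is None:
            return ("unresolvable", None)
        # The proxy would now open a TCP tunnel to (ip, port) and relay bytes blindly.
        return ("tunnel", (ip, int(port)))
    return ("plain-http", None)
```
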
