IMO, you got that wrong. Squid re-sends the https datagram in a wholly new packet, whose Source IP Address is the squid's IP Address.

I should know, for my firewall at my office totally blocks non-proxy addresses. Yet employees still can access Gmail and/or Yahoo!Mail (both of which use https for authentication purposes).

As usual, CMIIW.

Rgds,
[p]

goody goody wrote:
> after going through different articles and analyzing the behavior of squid 2.5
> stable10 transparent proxy over freebsd machine, it is not possible that
> https requests are entertained; in other words, it simply means proxying will
> not be done for https traffic.
>
> now let's delve into details.
>
> in case of transparent squid proxy, whenever https traffic is passed through
> the proxy, the proxy does not add its ip address; rather, it forwards the packets
> with the original client ip address located on the internal network. the packets then
> finally are natted at the firewall with the public ip address, and the operation
> successfully completes.
>
> but in my case my network colleagues who are managing the firewall device have
> blocked any traffic originating from the internal network and have only allowed
> the proxy address, hence any https traffic is blocked because it has the source
> address as an internal address, not that of the proxy.
>
> as it should be, any traffic that leaves the proxy with the modified source
> address as that of the proxy address successfully completes the request.
>
> hence http traffic and https traffic with manual/force proxy works but
> transparent proxy with https traffic doesn't work.
>
> if i am wrong, or if there is any workaround, help would be highly appreciated.
>
> Thanks in advance.

-- 
*Pandu E Poluan*
*Panin Sekuritas*
IT Manager / Infrastructure & Audit
Phone : +62-21-515-3055 ext 135
Fax : +62-21-515-3061
Mobile : +62-856-8400-426
e-mail : [email protected]
Y!M : hands0me_irc
MSN : [email protected]
GTalk : [email protected]
