HTTPS pass through / SNI filtering

From: Deniz Eren <deniz_at_denizeren.net>
Date: Mon, 4 Jul 2011 15:04:59 +0300

Hi;

I'm planning to work on an acl which uses SNI. But I need to pass
https traffic through squid without processing it. Because I'm not
interested in filtering or seeing the content, SNI server_name info
will be enough. But with squid it is not possible to pass https
traffic without processing it. In my design I won't use a proxy; the
iptables rule below will redirect https traffic to squid:

iptables -t nat -I PREROUTING -p tcp --dport 443 -j DNAT --to-destination 192.168.0.1:3128

Can you give me ideas on how to solve the above problem? And also, are
you working on SNI filtering?

Good day to you..
Received on Mon Jul 04 2011 - 12:05:06 MDT
