Re: SSL/HTTPS and transparent proxy

From: Allen Sturtevant <aps@dont-contact.us>
Date: Mon, 11 Oct 1999 16:11:19 -0700

At 12:32 AM 10/12/99 +0200, Henrik Nordstrom wrote:
>Allen Sturtevant wrote:
>
> > Can Squid be configured to run as a SSL (HTTPS) transparent
> > proxy?
>
>No.
>
>Why would you want to do such a thing?
>
>It is doable by using a plain TCP proxy supporting transparent proxying.

      Our goal is:

   Browser <-> Internet <-> "SSL Proxy" <-> Our Firewall <->
    Internal SSL'ed Web Server

      The "SSL Proxy" will only permit certain remote hosts
through the proxy for a short period of time, to specific
internal web servers. The list of remote trusted hosts is
maintained out-of-band, and changes at least hourly. The
firewall only accepts SSL traffic from the "SSL Proxy".

      Our firewall can perform the functions I've outlined
for the "SSL Proxy" above, but given the method that our
firewall is managed, this just simply isn't practical.

      I'm trying to stop short of installing a second firewall
for this purpose. If you could recommend a general purpose
Solaris 2.6 TCP proxy for use here, that would be wonderful! :-)
It would have to be capable of performing host-based access
control.

Thanks for the help,

Allen Sturtevant <aps@llnl.gov> Lawrence Livermore National Laboratory
SCCD/NAC/LabNet P.O. Box 808, Mail Stop L-267
Networking & Advanced Communications Livermore, CA 94551 USA
Phone: +1 925-424-3487 FAX: +1 925-422-2425
Received on Mon Oct 11 1999 - 17:22:56 MDT
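
The host-based, time-limited access check described in the message above, sketched as an added example that is not part of the original post and is not code from Squid or any other proxy. The list format, the names `Grant`, `parse_grants` and `permitted`, the one-hour staleness cutoff, and the sample addresses and server names are all assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

MAX_LIST_AGE = 3600  # assumption: a list not refreshed within an hour is stale

@dataclass(frozen=True)
class Grant:
    source: object   # remote trusted host or network (ipaddress network object)
    target: str      # internal web server as "host:port"
    expires: int     # epoch seconds after which the grant is void

def parse_grants(text):
    """Parse 'source target expires' lines; a malformed line aborts the load."""
    grants = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        if len(fields) != 3:
            raise ValueError(f"line {lineno}: expected 3 fields")
        source, target, expires = fields
        grants.append(Grant(ipaddress.ip_network(source), target, int(expires)))
    return grants

def permitted(grants, list_written, peer_ip, target, now):
    """Allow only an unexpired grant for this exact peer and target."""
    if now - list_written > MAX_LIST_AGE:
        return False   # fail closed: the out-of-band feed has stopped updating
    peer = ipaddress.ip_address(peer_ip)
    return any(
        peer in g.source and g.target == target and now < g.expires
        for g in grants
    )

# Constructed sample list (documentation address ranges, made-up server names).
SAMPLE = """
# source         target             expires
192.0.2.10       www1.internal:443  1000600
198.51.100.0/28  www2.internal:443  1003600
"""
GRANTS = parse_grants(SAMPLE)
```

A pass-through TCP relay would call `permitted()` once per accepted connection, before opening the connection to the internal server, and close the client socket on a `False` result.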
