Re: Banking Transactions through Squid using IPCHAINS

From: Kendall Lister <kendall@dont-contact.us>
Date: Wed, 9 Feb 2000 09:42:45 +1100 (EST)

On Tue, 8 Feb 2000, Dwight Snow wrote:

> Has anyone experienced problems with SSL for on-line banking
> transactions, preferablely in Canada, and if so how did you remedy the
> problems.

We experienced problems accessing SSL sites through our transparent
proxying setup - we believe that this was because we were redirecting port
80 requests to Squid, but not port 443, and so the initial setup of the
connection would appear to come from one host, and then the SSL
connection from another (our proxy). This caused Hotmail and some bank
sites to fail; our solution was to manually configure our browsers to use
our proxy. Now I hear you shout "But doesn't that defeat the purpose of
using transparent proxying?" - yes and no: we still benefit from the
reduced administration and forced proxying (ergo caching) of transparent
proxying, but if a client reports trouble accessing a secure site, we
instruct them to use our PAC script that sets up their browser.

--
 Kendall Lister, Systems Operator for Charon I.S. - kendall@charon.net.au
  Charon Information Services - Friendly, Cheap Melbourne ISP: 9589 7781
Received on Tue Feb 08 2000 - 15:51:06 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:51:01 MST