[squid-users] Why use Transparent Proxy?

From: Robert Adkins <raa@dont-contact.us>
Date: Tue, 11 Jun 2002 12:44:00 -0400

Hello All,

        From my reading on the subject, the transparent proxy of squid is unable
to transparently proxy SSL data. I am a little curious about how this
works.

        For instance, let's say that you have a LAN that only allows one single
machine, the gateway/proxy, to access the internet. This proxy server is
set up as a transparent proxy, because you either don't have the time or
the knowledge of remotely configuring all of the workstations to use your
gateway/proxy server as the proxy. (Which, by the way, can be done if you
are running a Windows Domain Controller and have set up Group Policy
Objects. I imagine that it can also be done with login scripts for UNIX
systems; that is something that I still need to look into...)

        So, the questions are:

        1. If the gateway/proxy is the only machine to access the internet and
it doesn't forward any internal IP traffic to the internet, do any SSL
connections work through the proxy? (This server is not a NAT or IP
Masquerading server, it simply sits on a network with two NICs, one
attached to the internet, one attached to the extranet and disallowing
all traffic to run between the two NICs.)

        2. If the SSL connections still work, but "lose" the SSL component, is
setting up a transparent proxy with squid really worth it? (I mean what
happens when the boss has his/her banking account opened up by someone
listening to your internet connected server?)

        3. Would it not be wiser and much more secure to simply spend the 30 to
45 seconds each, that it would take one to configure something like 15 to
30 workstations, if a Domain Controller is unavailable? (If you have more
than 10 workstations, a site really should consider some kind of
centrally controlled DC or NIS+ Running Server.)

        I am really looking for answers and an opinion on this topic.

Regards,
Robert Adkins
IT Manager/Buyer
IMPEL Industries, Inc.
Received on Tue Jun 11 2002 - 10:44:00 MDT