Re: [squid-users] Transparent proxy with HTTPS on freebsd

From: nyoman karna <balique8061_at_yahoo.com>
Date: Wed, 29 Apr 2009 04:58:07 -0700 (PDT)

nope,
you can NOT use transparent proxy for HTTPS.

since using transparent proxy for HTTPS
will be considered as man-in-the-middle attack.

you probably may use PAC (as Amos suggested)
but IMO it ruins the basic idea of using transparent proxy
(which is that the user does not need to put any setting in their browser)

------------------------
Nyoman Bogi Aditya Karna
      IM Telkom
http://www.imtelkom.ac.id
------------------------

--- On Wed, 4/29/09, goody goody <thinkodd_at_yahoo.com> wrote:

> From: goody goody <thinkodd_at_yahoo.com>
> Subject: Re: [squid-users] Transparent proxy with HTTPS on freebsd
> To: squid-users_at_squid-cache.org
> Cc: "Amos Jeffries" <squid3_at_treenet.co.nz>
> Date: Wednesday, April 29, 2009, 7:30 AM
>
> Dear Amos,
>
> i say http works but https doesn't behind transparent proxy
> (no proxy details specified in browser) and this is simply I
> just want to achieve as some sites such as yahoo, gmail use
> https to connect to.
>
> so if you guide me how can i configure squid to allow https
> sites to connect behind transparent proxy.
>
> Further info regarding squid and bsd os is as follows.
>
> squid version info
>
> Squid Cache: Version 2.5.STABLE10
> configure options:  --enable-storeio=diskd,ufs --enable-snmp --with-openssl=/opt/ssl '--enable-auth=basic ntlm' --enable-wccp '--enable-removal-policies=heap lru'
>
> BSD OS Info
>
> FreeBSD XXX 5.4-RELEASE FreeBSD 5.4-RELEASE #0: Fri Mar 30 18:16:33 PKT 2007     root_at_xxx.abc.com.:/usr/src/sys/i386/compile/BSD-ROUTER  i386
>
> an early response would be very much appreciated.
>
> Regards,
>
>
> --- On Wed, 4/29/09, Amos Jeffries <squid3_at_treenet.co.nz> wrote:
>
> > From: Amos Jeffries <squid3_at_treenet.co.nz>
> > Subject: Re: [squid-users] Transparent proxy with HTTPS on freebsd
> > To: "abdul sami" <sami.memon_at_gmail.com>
> > Cc: squid-users_at_squid-cache.org
> > Date: Wednesday, April 29, 2009, 1:49 PM
> > abdul sami wrote:
> > > Dear all,
> > >
> > > subject settings doesn't work when i set the transparent proxy though
> > > http traffic works. on analysis of traffic i have come to know that
> > > proxy doesn't add it's source address to https traffic rather simply
> > > forwards it with local net address to gateway/firewall device which
> > > ultimately drops the packets.
> > >
> > > any suggestion in shape of steps/article would be highly appreciated.
> > >
> > > Regards,
> >
> > Pardon?
> >  HTTPS being transparently intercepted (miracle #1) and the
> > users not phoning you about being attacked? (miracle #2).
> >
> > HTTPS == HTTP via _secure_ SSL.
> > transparent proxy == man-in-middle network attack on traffic.
> >
> > HTTPS was created to prevent transparent interception
> > amongst other things. So yes I'm not surprised it won't work.
> >
> > What are you trying to achieve with this?
> >
> > Amos
> > -- Please be using
> >   Current Stable Squid 2.7.STABLE6 or 3.0.STABLE14
> >   Current Beta Squid 3.1.0.7
> >
>
>
>
>
Received on Wed Apr 29 2009 - 11:58:17 MDT