>You seem to be speaking of a interception gateway filter.
>
>SSL was designed to prevent man-in-the-middle attacks (aka interception)
>from being done.
Mayby i sayd wrong - i do not want intercept , but only decise wchich host
can connect
>This is not possible. The URL is inside the encryption. You must decrypt
>the traffic in order to even see the URL.
I do not want filter all url , only host, if host is encrypte how routers
know whith host connect?
>Also, you have already intercepted it. Simply by passing the packets to
>Squid in the first place you are violating the TCP connection layers
>guarantee of delivery to the original destination.
Ya , i lookung a way to bypass that hmm maybe i need configure firewall in
other way to do that
>Then use WPAD on your network and configure the browser to
>"auto-detect". The browser can then be moved between networks without
>any further configurations and will use whatever proxy it can find with
>WPAD/PAC on wherever it gets plugged in.
Like i sayed i not want configure anything in broswer , thats why i looking
for proxy transparent way
>The best you are going to get is session *authorization* based on some
>non-login criteria.
>WPAD and PAC. That avoids the firewall load doubling, allows proper
>authentication, allows SSL processing by Squid, and leaves the browser
>able to be moved seamlessly between networks.
>Amos
I will rethink about that solutions, but still looking for not scripted way
Received on Fri Mar 23 2012 - 12:44:26 MDT
This archive was generated by hypermail 2.2.0 : Fri Mar 23 2012 - 12:00:04 MDT