Re: [squid-users] HTTPS transparently

From: Matus UHLAR - fantomas <uhlar@dont-contact.us>
Date: Sun, 24 Jun 2007 16:21:21 +0200

On 23.06.07 15:52, Jan Groenewald wrote:
> I have this setup:
>
> INTERNET ---- OTHERPROXY_SQUID25 ---- OTHER_LAN + MYPROXY_SQUID2.6 ---- MYLAN
>
> OTHERPROXY does not allow https out except via the proxy, and
> all the NAT'ed OTHER_LAN have proxies set non-transparently.
>
> MYPROXY is on OTHER_LAN and peers to OTHERPROXY, and is
> transparent for (again NAT'ed) MYLAN.
>
> MYPROXY has this facing MYLAN:
> http_port 10.0.0.1:3128 transparent
> never_direct allow all
> with port 80 redirected to port 3128 by iptables.
>
> Since OTHERPROXY recently firewall-blocked 443 except
> via proxy, MYLAN does not get HTTPS. I got OTHERPROXY
> to allow https, then MYLAN has https access again. This is
> a temporary solution.

Make it a permanent solution. There's no need for intercepting HTTPS
connections and squid does not support them yet.
Another way may be not to use interception but to configure all clients to use
MYPROXY or OTHERPROXY for https.

> However, not all of MYLAN can set the proxy manually, it is too dynamic.

Too dynamic? Try using WPAD.

-- 
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Emacs is a complicated operating system without good text editor.
Received on Sun Jun 24 2007 - 08:21:27 MDT
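
The WPAD suggestion in the reply above, as an added example (not part of the original message or of Squid's documentation): a proxy auto-config file that WPAD could hand to MYLAN clients, so that HTTPS reaches the proxy as an explicit CONNECT tunnel instead of being intercepted. Assumptions: MYPROXY accepts explicit-proxy requests at 10.0.0.1:3128, MYLAN is 10.0.0.0/24, and the helper names `ipv4ToInt` and `inCidr` are hypothetical.

```javascript
// wpad.dat / proxy.pac for MYLAN clients (constructed example).
// Assumption: MYPROXY accepts explicit-proxy requests at 10.0.0.1:3128
// and MYLAN is 10.0.0.0/24; substitute the real listener and subnet.
var PROXY = "PROXY 10.0.0.1:3128";

// Dotted-quad text to a 32-bit number, or null if host is not an IPv4 literal.
function ipv4ToInt(host) {
  var m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(host);
  if (!m) return null;
  var n = 0;
  for (var i = 1; i <= 4; i++) {
    var octet = parseInt(m[i], 10);
    if (octet > 255) return null;
    n = n * 256 + octet;
  }
  return n;
}

// True when an IPv4 literal falls inside base/prefixLen. No DNS lookup is
// made, so a slow or hostile resolver cannot stall or steer the decision.
function inCidr(host, base, prefixLen) {
  var ip = ipv4ToInt(host), net = ipv4ToInt(base);
  if (ip === null || net === null) return false;
  var size = Math.pow(2, 32 - prefixLen);
  return Math.floor(ip / size) === Math.floor(net / size);
}

function FindProxyForURL(url, host) {
  host = host.toLowerCase();
  // Unqualified names and MYLAN/loopback addresses stay on the LAN.
  if (host.indexOf(".") === -1) return "DIRECT";
  if (inCidr(host, "10.0.0.0", 24) || inCidr(host, "127.0.0.0", 8)) return "DIRECT";
  // http:// is fetched through the proxy; https:// is tunnelled with CONNECT,
  // so the proxy relays the TLS stream without decrypting it.
  if (url.substring(0, 5) === "http:" || url.substring(0, 6) === "https:") return PROXY;
  // Other schemes are left alone here (assumption).
  return "DIRECT";
}
```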
