RE: [squid-users] squid transparent proxy - https ssl filtering url

From: Michał Wiącek <mwiacek_at_siodemka.com>
Date: Fri, 23 Mar 2012 13:44:11 +0100

>You seem to be speaking of an interception gateway filter.
>
>SSL was designed to prevent man-in-the-middle attacks (aka interception)
>from being done.

Maybe I said it wrong - I do not want to intercept, but only to decide which
host can connect.

>This is not possible. The URL is inside the encryption. You must decrypt
>the traffic in order to even see the URL.

I do not want to filter the whole URL, only the host. If the host is encrypted,
how do routers know which host to connect to?

>Also, you have already intercepted it. Simply by passing the packets to
>Squid in the first place you are violating the TCP connection layer's
>guarantee of delivery to the original destination.

Yeah, I am looking for a way to bypass that. Hmm, maybe I need to configure
the firewall in another way to do that.

>Then use WPAD on your network and configure the browser to
>"auto-detect". The browser can then be moved between networks without
>any further configurations and will use whatever proxy it can find with
>WPAD/PAC on wherever it gets plugged in.

Like I said, I do not want to configure anything in the browser; that's why
I am looking for a transparent proxy way.

>The best you are going to get is session *authorization* based on some
>non-login criteria.
>WPAD and PAC. That avoids the firewall load doubling, allows proper
>authentication, allows SSL processing by Squid, and leaves the browser
>able to be moved seamlessly between networks.
>Amos

I will rethink those solutions, but I am still looking for a non-scripted way.
Received on Fri Mar 23 2012 - 12:44:26 MDT
