Re: [squid-users] Squid SSL Bump transparently CONNECT for another proxy

From: Jatin Bhasin <jbhasin83_at_gmail.com>
Date: Sun, 8 Jun 2014 08:03:22 +1000

Hello,

1) I have to bump the SSL request because I want to pass the decrypted
traffic to the eCap adapter so that I can look for viruses in the
traffic and block them if found.

2) I cannot inroduce Proxy1 in the client browser. The only option I
have is PROXY1 sitting in the middle of Client and PROXY2 and then
PROXY1 should decrypt the traffic and send it to the ecap adapter for
virus checking and block them.

> So, client is connecting to Proxy2 with a proxy request - Proxy2 should then
> make the request and return the content. What's the problem?

Yes PROXY2 is returning the content but that's encrypted and I want to
see decrypted traffic to look for virus in them.

Thanks,
Jatin

On Sun, Jun 8, 2014 at 1:46 AM, Antony Stone
<Antony.Stone_at_squid.open.source.it> wrote:
> On Saturday 07 June 2014 at 14:33, Jatin Bhasin wrote:
>
>> Hello,
>>
>> 1) PROXY2 is not configured to bump the traffic and I cannot remove it
>> from the set up.
>
> You don't need a bump if the client is configured to use Proxy2 as a proxy.
>
>> 2) PROXY2 is listening on port 3128. I have to intercept proxy port
>> because all the requests are going to PROXY2 on port 3128 and I have
>> to bump it.
>
> Why do you "have to bump it"?
>
>> Currently Client is connecting to PROXY2 and I cannot change
>> configuration on PROXY2 to bump the traffic neither I can remove it
>> from the netwrok setup.
>
> So, client is connecting to Proxy2 with a proxy request - Proxy2 should then
> make the request and return the content. What's the problem?
>
>> So is this all possible?
>
> Sorry, I'm still trying to work out not whether it's posible, but why it's
> necessary.
>
> A client configured to use a proxy has been able to make SSL/HTTPS requests
> for years - way before Squid's bump feature became available.
>
> It's only when the proxy (Proxy2 in this case) is configured to intercept
> traffic in transparent mode that you can't proxy HTTPS requests and have to
> handle that traffic some other way, but that doesn't appear to be the
> situation in your case:
>
> - the client is configured to use a proxy
> - Proxy2 is not running in transparent intercept mode
>
> so again, what doesn't work, which means you need to introduce Proxy1?
>
>
> Antony.
>
> --
> Tinned food was developed for the British Navy in 1813.
>
> The tin opener was not invented until 1858.
>
> Please reply to the list;
> please don't CC me.
Received on Sat Jun 07 2014 - 22:03:30 MDT

This archive was generated by hypermail 2.2.0 : Sun Jun 08 2014 - 12:00:04 MDT