
Re: Squid with https in transparent mode



On 26.06.2013 15:59, Karl E. Jorgensen wrote:
> On Tue, Jun 25, 2013 at 01:07:26PM +0100, Frank Lanitz wrote:
>> Hi folks,
>>
>> Is there a way of using a squid proxy in transparent way, just to put
>> the traffic and forward it via another proxy to outside network(no
>> caching etc) w/o doing man-in-the-middle? Currently I've got this
>> running for http via
>>
>> cache_peer xx.xx.xx.xx parent 3128 7 no-query default
>> never_direct allow all
>>
>> and a transparent setup for SSL. If I'm entering the proxy directly into
>> e.g. Firefox it's working -- but I haven't got it running via transparent mode.
> 
> HTTPS (a.k.a. HTTP-over-SSL) is not amenable to transparent proxying -
> the encryption is designed to be end-to-end.
> 
> However, I believe that you can make squid a front-end for a web site
> if you give the SSL keys to squid - but this may be a different use
> case than yours....

Yes, it is. I don't want to have man-in-the-middle or any chance to read
what coworkers are doing.

> Perhaps if you describe what you're trying to achieve, the list can
> come up with other/better ways of reaching that goal?
> 

Well.... I've got a side-2-side VPN where the goal is to gateway all
outgoing traffic via the other side of the VPN. Due to some reasons a proxy
(squid) on the second side of the VPN should be the outgoing server.
So my idea was, as I might not be able to configure all clients to
work with a proxy, that on the 1st side of the side-2-side I'm installing a
squid for caching e.g. http and ftp requests to save bandwidth and
forwarding everything to the second proxy. Doing this in a transparent way
is working fine for http. Also it's working fine when I'm putting the 1st
squid into the config of e.g. Firefox directly. But I'm not able to also
set up transparent mode for https.

Cheers,
Frank

