[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: iptables port forwarding

--On 12 November 2002 20:59 +1100 Rob Weir <rweir@softhome.net> wrote:

On Mon, Nov 11, 2002 at 03:22:14PM +0000, Siraj 'Sid' Rakhada wrote:
I live behind such a fascist firewall, but as I don't use port 443 on my
home lan, I have redirected that host to elsewhere. It's probably better
anyway, as some sites trap port 80 traffic and make it go via a web
proxy  (though the 443 solution is not immune either).

Isn't 'most' https traffic an encrypted, binary stream.  Aside from
initial negotiation, I guess.  How can this be transparently proxied?
How would it even be useful, since the data is encrypted and cannot be

Yes - you're quite right. I wasn't thinking straight. https uses the "CONNECT" mechanism...?

I only thought it might be useful for firewall controllers to force maybe only certain urls to be allowed via a super-fascist proxy, etc. etc. But now we're into realms of pointlessness so I'll shut up ;)




Reply to: