[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: HTTPS transparent proxy with Squid

On Wed, Jul 25, 2001 at 11:41:32AM +0100, Sean Kelly wrote:

> 	I read an article of yours on
> http://www.mail-archive.com/debian-isp@lists.debian.org/msg02194.html and
> was wondering if you could offer some advice.
> 	I am transparently proxying HTTP requests using Linux and Squid.
> The linux kernel (using IPChains) is set to send any port 80 requests to the
> proxy port (3128).  This works fine.  However, if I try the same thing with
> HTTPS requests it does not work.
HTTPS uses port 443, so it won't work with your current ipchains setup.
You might be able to start a second squid process, and redirect HTTPS
requists through it. HTTPS is not proxied anyway, it's tunnelled thru a
proxy (http://www.squid-cache.org/Doc/FAQ/FAQ-1.html#ss1.12). I'm not
sure if squid will proxy HTTPS, since it's a different protocol from
HTTP. I'm afraid it won't work.

I suggest you masquerade the traffic if possible (using ipchains
ip masquerading), since it won't be cached anyway. If you really have to
go through a proxy, and it won't work with a second squid process, you'll
have to write your own transproxy. http://www.transproxy.nlc.net.au/ is a
different transparant proxy program, it only forwards requests to a proxy,
doesn't proxy itself. You might be able to adapt it to work with HTTPS,
then you'll have to read the RFC's on that topic. Don't ask me how to do
that, never done it really :)

Someone else on debian-isp might have more experience on transproxying
HTTPS trafic

> Name:           Alson van der Meulen      <
> Personal:       alson@linuxfreak.nl       <
> School:       alson@gymnasiumleiden.nl    <
What's this switch for anyways...?

Reply to: