
Thread: https issue (squid 3.x)

  1. #1
    Join Date
    Jan 2012
    Beans
    2

    https issue (squid 3.x)

    Dear all

    I have an issue with Squid 3.x: it can't allow HTTPS, such as the URL https://mail.google.com
    My server environment:

    1. Ubuntu OS
    2. Squid 3.0.stable19
    3. Transparent proxy, 1 NIC (IP: 192.168.0.3 & gateway IP: 192.168.0.100). Normally clients can access websites (HTTP) through the proxy OK.
    4. Sarg installed


    How can I fix this and allow HTTPS?
    For more configuration, including the NAT table, squid.conf, interface config and iptables rules, please see the attached file.


    Thanks :O)

  2. #2
    Join Date
    Nov 2008
    Location
    Metro Boston
    Beans
    9,981
    Distro
    Kubuntu 14.04 Trusty Tahr

    Re: https issue (squid 3.x)

    HTTPS and proxies don't mix. Putting a proxy between the browser and a remote HTTPS site makes the proxy look like a "man-in-the-middle" attack. There are ways around this with Squid, but you'll need to create a self-signed SSL certificate for the proxy to use and install it on all the browsers.

    If you're doing this to proxy traffic for an entire network of users, you need to think about the privacy issues involved. Decrypting SSL requests at the proxy gives you the power to read the information being exchanged like credit-card or banking numbers. If this is for an organization, the powers-that-be should determine whether this is a policy they find acceptable, and whether the staff needs to be notified about the potential privacy threat.
    Last edited by SeijiSensei; January 17th, 2012 at 04:42 PM.

  3. #3
    Join Date
    Jan 2012
    Beans
    2

    Re: https issue (squid 3.x)

    Quote: Originally Posted by SeijiSensei
    HTTPS and proxies don't mix. Putting a proxy between the browser and a remote HTTPS site makes the proxy look like a "man-in-the-middle" attack. There are ways around this with Squid, but you'll need to create a self-signed SSL certificate for the proxy to use and install it on all the browsers.

    If you're doing this to proxy traffic for an entire network of users, you need to think about the privacy issues involved. Decrypting SSL requests at the proxy gives you the power to read the information being exchanged like credit-card or banking numbers. If this is for an organization, the powers-that-be should determine whether this is a policy they find acceptable, and whether the staff needs to be notified about the potential privacy threat.
    Thanks :O)
