Search squid archive

RE: squid transparent proxy - https ssl filtering url

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]




>You seem to be speaking of a interception gateway filter.
>
>SSL was designed to prevent man-in-the-middle attacks (aka interception) 
>from being done.

Mayby i sayd wrong - i do not want intercept , but only decise wchich host
can connect

>This is not possible. The URL is inside the encryption. You must decrypt 
>the traffic in order to even see the URL.

I do not want filter all url , only host, if host is encrypte how routers
know whith host connect?

>Also, you have already intercepted it. Simply by passing the packets to 
>Squid in the first place you are violating the TCP connection layers 
>guarantee of delivery to the original destination.

Ya , i lookung a way to bypass that hmm maybe i need configure firewall in
other way to do that

>Then use WPAD on your network and configure the browser to 
>"auto-detect". The browser can then be moved between networks without 
>any further configurations and will use whatever proxy it can find with 
>WPAD/PAC on wherever it gets plugged in.

Like i sayed i not want configure  anything in broswer , thats why i looking
for proxy transparent way

>The best you are going to get is session *authorization* based on some 
>non-login criteria.
>WPAD and PAC. That avoids the firewall load doubling, allows proper 
>authentication, allows SSL processing by Squid, and leaves the browser 
>able to be moved seamlessly between networks.
>Amos

I will rethink about that solutions,  but still looking for not scripted way



[Linux Audio Users]     [Photo]     [Yosemite News]     [Samba]     [Video Projectors]     [Video Devices]     [Big List of Linux Books]     [LCD TVs]     [Webcams]     [Linux USB]

  Powered by Linux