Архив форумов ЦИТФорума

[karnage]

На машине поднят transparent HTTP-proxy с помощью iptables+squid. Все работает.

Внимание вопрос:
Что подкрутить в настройках сквида чтобы сделать transparent HTTPS-proxy?
Спасибо.

[kvardask]

-

[karnage]

-

[kvardask]

HTTPS uses port 443, so it won't work with your current ipchains setup.
You might be able to start a second squid process, and redirect HTTPS
requists through it. HTTPS is not proxied anyway, it's tunnelled thru a
proxy (http://www.squid-cache.org/Doc/FAQ/FAQ-1.html#ss1.12). I'm not
sure if squid will proxy HTTPS, since it's a different protocol from
HTTP. I'm afraid it won't work.

I suggest you masquerade the traffic if possible (using ipchains
ip masquerading), since it won't be cached anyway. If you really have to
go through a proxy, and it won't work with a second squid process, you'll
have to write your own transproxy. http://www.transproxy.nlc.net.au/ is a
different transparant proxy program, it only forwards requests to a proxy,
doesn't proxy itself. You might be able to adapt it to work with HTTPS,
then you'll have to read the RFC's on that topic. Don't ask me how to do
that, never done it really

[karnage]

-