Squid basically is an HTTP proxy and hence it would not be possible to intercept the encrypted HTTPS traffic using Squid. It would defeat the purpose of having an encryption.
I am not sure what you have done here to make Squid work in transparent mode. Logically you should use iptables to redirect all the traffic on port 80 to port 3128 (or any other port on which squid is listening). This should not affect port 443 unless you have redirected the HTTPS content as well. And if you have done that, the HTTPS sites obviously will not work.
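A check for the condition described in the post above, as an added example that is not part of the original thread: it parses `iptables-save` NAT rules and reports whether port 443 is being redirected to Squid's plain-HTTP port. The sample rules and interface names are constructed; port 3128 is the one named in the post.

```shell
#!/bin/sh
# Constructed sample of `iptables-save -t nat` output (not taken from the thread).
SAMPLE_RULES='*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
-A PREROUTING -i eth1 -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 3128
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT'

# redirected_ports PROXY_PORT: read iptables-save text on stdin and print, on one
# line, each destination port that a PREROUTING REDIRECT rule sends to PROXY_PORT.
# Only single --dport rules are parsed; multiport matches are ignored.
redirected_ports() {
    awk -v proxy="$1" '
        $1 == "-A" && $2 == "PREROUTING" {
            dport = ""; target = ""; to = ""
            for (i = 3; i < NF; i++) {
                if ($i == "--dport")    dport  = $(i + 1)
                if ($i == "-j")         target = $(i + 1)
                if ($i == "--to-ports") to     = $(i + 1)
            }
            if (target == "REDIRECT" && to == proxy && dport != "") print dport
        }' | sort -n | tr '\n' ' ' | sed 's/ $//'
}

# check_redirects PROXY_PORT: returns 0 when port 80 is redirected and 443 is not,
# 1 when 443 (TLS) is also sent to the HTTP proxy port, 2 when 80 is not redirected.
check_redirects() {
    ports=$(redirected_ports "$1")
    case " $ports " in
        *" 443 "*) echo "443 is redirected to $1: HTTPS sites will fail"; return 1 ;;
    esac
    case " $ports " in
        *" 80 "*) echo "port 80 is redirected to $1, 443 is untouched"; return 0 ;;
    esac
    echo "port 80 is not redirected to $1"; return 2
}

# On a live gateway: iptables-save -t nat | check_redirects 3128
printf '%s\n' "$SAMPLE_RULES" | check_redirects 3128 || true
```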
Do not transparently proxy https. It's really difficult to get it right, and if you don't appreciate the specific issues involved in proxying SSL encrypted traffic, you'll NEVER get a good solution.
Transparent proxying is NOT the miracle you think it is. Configure the clients to explicitly use the proxy, block unproxied web access and have a simple system you can properly understand.
Squid basically is an HTTP proxy and hence it would not be possible to intercept the encrypted HTTPS traffic using Squid. It would defeat the purpose of having an encryption.
Well it *IS* possible, mostly since Squid 2.6, but it's not just a tick box thing to get going, and is pretty misleading to say it's fully supported. But it's definitely possible with termination and reencryption. If a sysadmin doesn't understand the ins and outs though it's a VERY irresponsible thing to do, including bringing legal issues into the mix.
Dear Chaitanya and Chris thanks for your response. Transparent proxying is my need to connect my PAM devices users. I am using squid 3.0 precompiled RPM for binding IP with MAC to restrict my users to not change their IP addresses.
Dear Chaitanya and Chris thanks for your response. Transparent proxying is my need to connect my PAM devices users. I am using squid 3.0 precompiled RPM for binding IP with MAC to restrict my users to not change their IP addresses.
Regards.
Your update doesn't provide any extra relevant information or questions. What kind of further replies are you hoping for?
I want to tell you people that I am bound to use a transparent proxy and squid 3.0 to achieve my required goals. Please guide me on how to get my desired results, i.e. open https sites like gmail etc.
The best you can do is configure an https_port with transparency on the server. You'll need to create your own certificate to encrypt the connection. This will mean that when a user connects to gmail.com they will get YOUR certificate, and their browser will complain. When they go to facebook.com, they will get YOUR certificate and their browser will complain. It's a sucky solution. You should take pride in your work and get the requirements and limitations changed. This is not a good solution.
Dear Chris, thanks. The link http://tektab.com/2012/09/28/squid-t...s-ssl-traffic/ has done the job. But I am receiving the following error after entering the user name and password for my gmail and yahoo email accounts:
Connection to 173.194.70.94 failed
The system returned: (71) Protocol error
The remote host or network may be down. Please try the request again.
Regard.