LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices


Reply
  Search this Thread
Old 05-16-2008, 02:13 AM   #1
rajat83
LQ Newbie
 
Registered: Apr 2007
Posts: 20

Rep: Reputation: 0
not able to open https throughTransparent proxy


Hi Folks,
I am running squid in transparent proxy mode, I am able to access http sites but https sites are not opening .
My squid settings for transparent mode proxy is
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
http_access allow !Safe_ports
http_access allow CONNECT !SSL_ports

Only iptable rule is
iptables -t nat -A PREROUTING -p tcp -m multiport --dport 80,443 -j REDIRECT --to-port 3128


On browser, i have enabled all ssl2.0, ssl3.0 and tsl connection.........
Is there anything else which I need to do to access it transparently....

Kindly suggest


Thanx in Advance
 
Old 05-16-2008, 02:27 AM   #2
datopdog
Member
 
Registered: Feb 2008
Location: JHB South Africa
Distribution: Centos, Kubuntu, Cross LFS, OpenSolaris
Posts: 806

Rep: Reputation: 41
You should not be proxying https, you break the way ssl/tls works if you do that, the client needs to talk directly with the server.
 
Old 05-16-2008, 02:42 AM   #3
rajat83
LQ Newbie
 
Registered: Apr 2007
Posts: 20

Original Poster
Rep: Reputation: 0
Thanx for the reply.............
But I really donot get it ...........What do you mean by directly connected.................
The only thing is I have seen people accessing https sites through transparent proxy .........>>>so I am trying to deploy the same at my end also
 
Old 05-16-2008, 03:21 AM   #4
datopdog
Member
 
Registered: Feb 2008
Location: JHB South Africa
Distribution: Centos, Kubuntu, Cross LFS, OpenSolaris
Posts: 806

Rep: Reputation: 41
The client and the server need to be talking to each other directly.
 
Old 05-16-2008, 05:08 AM   #5
rajat83
LQ Newbie
 
Registered: Apr 2007
Posts: 20

Original Poster
Rep: Reputation: 0
My client and my server are connected directly but even then https is not working
 
Old 05-16-2008, 06:13 AM   #6
datopdog
Member
 
Registered: Feb 2008
Location: JHB South Africa
Distribution: Centos, Kubuntu, Cross LFS, OpenSolaris
Posts: 806

Rep: Reputation: 41
Dude you don't get it, you CAN NOT proxy https, the client needs to open a direct connection to the https server, having a proxy in between leads to man in the middle attacks.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
HTTPS reverse proxy/VPN??? jantman Linux - Server 1 03-08-2008 11:57 PM
Dedicated HTTPS proxy? anybody1234 Linux - Security 16 11-08-2005 10:07 PM
SuSE 9.1 has no HTTPS through our Proxy slacker9876 Linux - Networking 2 05-13-2004 08:13 PM
https proxy (???) aaronluke Linux - Networking 3 09-12-2002 09:35 AM
Squid proxy and https roba Linux - Software 2 08-14-2002 04:15 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Server

All times are GMT -5. The time now is 12:35 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration