[squid-users] Transparent HTTPs proxy with Squid 3.5

Per Jessen per at computer.org
Tue Dec 13 09:15:14 UTC 2016

Amos Jeffries wrote:

> On 13/12/2016 5:11 a.m., Fomo Dong wrote:
>> Hi all,
>> For couple of days I'm trying to figure out how to get a transparent
>> HTTPs proxy to work with Squid. What I'm trying to achieve is a proxy
>> that accepts internet traffic from ports 80 & 443, routes them
>> through Squid to Privoxy and finally through Tor and returns back the
>> data. So essentially I want to "automatically" revert some traffic
>> through Tor without the user needing to add a proxy to their
>> connection.
>> I know how to setup the Privoxy and Tor part, but I'm struggling with
>> the Squid & IP tables configuration.
> The first thing to be aware of is that Squid obeys the HTTPS
> requirement that traffic received on TLS connection also goes out one.
> So your Privoxy must be capable of receiving TLS connections from
> Squid.
> If Privoxy cannot do TLS like that you could have Squid do the privacy
> filtering. But then Tor would face the same requirement.
> Second thing I want to make clear is that a *transparent* proxy is the
> opposite of anonyizing proxy. A transparent proxy hides *itself* while
> _revealing_ the client.  An anonymous proxy reveals itself, while
> hiding the client(s). They are almost direct opposites in behaviour.
> Anyhow, what you meant by the word "transparent" turns out to actually
> be "intercepting". 

We also run a "transparent" proxy, but it is transparent for the
_client_.  The main office router simply sends an ICMP redirect to
point clients to the proxy. 

Per Jessen, Zürich (0.1°C)
http://www.cloudsuisse.com/ - your owncloud, hosted in Switzerland.

More information about the squid-users mailing list