[squid-users] Basic HTTPS filtering via CONNECT in Squid
varun.singh at gslab.com
Sun Feb 12 10:51:44 UTC 2017
On Feb 12, 2017 2:21 PM, "Amos Jeffries" <squid3 at treenet.co.nz> wrote:
On 12/02/2017 7:40 p.m., Varun Singh wrote:
> The answer points to installing a CA on client.
The question was about how to get browsers talking TLS *directly to a
Squid reverse-proxy*. Your Ubuntu package is not capable of that and you
are not using a reverse-proxy.
> Does this mean even if I don't want Squid-in-the-middle approach, my
> clients would still have to install a certificate?
No. It is irrelevant to yrou sitation.
You began this thread with a simple question:
> I have a Squid 3 installed on Ubuntu 16.04. It works perfectly as an
> HTTP proxy server in transparent mode.
> I wanted to know whether it can be configured to run as HTTPS proxy
> server without ssl-bump i.e. without 'man in the middle attack'
Everything you have been asking about since then is various ways to do
parts of the SSL-bump process. Which does not fit very well with the
"without ssl-bump" requirement.
Simply put; if you are not going to SSL-Bump then you can discard any
thoughts of doing things with the HTTPS messages or port 443 traffic.
If you have changed your mind and want to use SSL-Bump now, please
re-describe what you want to actually happen now.
squid-users mailing list
squid-users at lists.squid-cache.org
Simply put, my question has three parts:
1. Can Squid be configured as an HTTPS proxy server without SSL-Bump?
2. If yes, then what other configurations have to performed other than
3. In this configuration, can Squid filter HTTPS requests from ACL?
Thanks for you help in advance.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the squid-users