<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 TRANSITIONAL//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; CHARSET=UTF-8">
<META NAME="GENERATOR" CONTENT="GtkHTML/4.6.6">
</HEAD>
<BODY>
On Thu, 2015-11-12 at 09:37 +0300, Ahmad Alzaeem wrote:
<BLOCKQUOTE TYPE=CITE>
<PRE>
Sorry , didn’t understand , could you explain more ??
cheers
-----Original Message-----
From: squid-users [<A HREF="mailto:squid-users-bounces@lists.squid-cache.org">mailto:squid-users-bounces@lists.squid-cache.org</A>] On Behalf Of James Lay
Sent: Thursday, November 12, 2015 12:29 AM
To: <A HREF="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.org</A>
Subject: Re: [squid-users] squid http & https intercept based on DNS server
On 2015-11-11 12:23, Ahmad Alzaeem wrote:
<FONT COLOR="#737373">> Hi guys</FONT>
<FONT COLOR="#737373">> </FONT>
<FONT COLOR="#737373">> I want to ask a question</FONT>
<FONT COLOR="#737373">> </FONT>
<FONT COLOR="#737373">> Assume I have a dns server that resolve all the names to the ip of </FONT>
<FONT COLOR="#737373">> squid</FONT>
<FONT COLOR="#737373">> </FONT>
<FONT COLOR="#737373">> So we will have all websites go to squid</FONT>
<FONT COLOR="#737373">> </FONT>
<FONT COLOR="#737373">> The question is being asked here is :</FONT>
<FONT COLOR="#737373">> </FONT>
<FONT COLOR="#737373">> If I used squid in intercept mode</FONT>
<FONT COLOR="#737373">> </FONT>
<FONT COLOR="#737373">> Will I be able to handle http & https traffic without adding cert and </FONT>
<FONT COLOR="#737373">> CA in the clients browsers' ??</FONT>
<FONT COLOR="#737373">> </FONT>
<FONT COLOR="#737373">> Again</FONT>
<FONT COLOR="#737373">> </FONT>
<FONT COLOR="#737373">> Will I have issues with Https in certs ?</FONT>
<FONT COLOR="#737373">> </FONT>
<FONT COLOR="#737373">> cheers</FONT>
<FONT COLOR="#737373">> _______________________________________________</FONT>
<FONT COLOR="#737373">> squid-users mailing list</FONT>
<FONT COLOR="#737373">> <A HREF="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.org</A></FONT>
<FONT COLOR="#737373">> <A HREF="http://lists.squid-cache.org/listinfo/squid-users">http://lists.squid-cache.org/listinfo/squid-users</A></FONT>
No. Certain clients don't even use DNS, but a hardcoded IP (I'm looking at you TextNow).
James
_______________________________________________
squid-users mailing list
<A HREF="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.org</A>
<A HREF="http://lists.squid-cache.org/listinfo/squid-users">http://lists.squid-cache.org/listinfo/squid-users</A>
</PRE>
</BLOCKQUOTE>
<BR>
Some applications (I'm thinking mobile apps) may or may not use a hostname...some may simply connect to an IP address, which makes control over DNS irrelevant at that point. Hope that helps.<BR>
<BR>
James
</BODY>
</HTML>