[squid-users] Transparent HTTPs proxy with Squid 3.5
Per Jessen
per at computer.org
Tue Dec 13 09:15:14 UTC 2016
Amos Jeffries wrote:
> On 13/12/2016 5:11 a.m., Fomo Dong wrote:
>> Hi all,
>>
>> For couple of days I'm trying to figure out how to get a transparent
>> HTTPs proxy to work with Squid. What I'm trying to achieve is a proxy
>> that accepts internet traffic from ports 80 & 443, routes them
>> through Squid to Privoxy and finally through Tor and returns back the
>> data. So essentially I want to "automatically" revert some traffic
>> through Tor without the user needing to add a proxy to their
>> connection.
>>
>> I know how to setup the Privoxy and Tor part, but I'm struggling with
>> the Squid & IP tables configuration.
>
> The first thing to be aware of is that Squid obeys the HTTPS
> requirement that traffic received on TLS connection also goes out one.
> So your Privoxy must be capable of receiving TLS connections from
> Squid.
>
> If Privoxy cannot do TLS like that you could have Squid do the privacy
> filtering. But then Tor would face the same requirement.
>
>
> Second thing I want to make clear is that a *transparent* proxy is the
> opposite of anonyizing proxy. A transparent proxy hides *itself* while
> _revealing_ the client. An anonymous proxy reveals itself, while
> hiding the client(s). They are almost direct opposites in behaviour.
>
> Anyhow, what you meant by the word "transparent" turns out to actually
> be "intercepting".
We also run a "transparent" proxy, but it is transparent for the
_client_. The main office router simply sends an ICMP redirect to
point clients to the proxy.
--
Per Jessen, Zürich (0.1°C)
http://www.cloudsuisse.com/ - your owncloud, hosted in Switzerland.
More information about the squid-users
mailing list