[squid-users] MITM the MITM
Antony Stone
Antony.Stone at squid.open.source.it
Tue Jan 4 00:35:48 UTC 2022
On Tuesday 04 January 2022 at 01:19:28, Will BMD wrote:

> Hey all,
>
> I currently have the following network topology, it's emulating a real
> world environment. The proxy is running ssl_bump.
>
> LAN <-> Squid Proxy <-> Firewall <-> Internet
>
> From the Firewall's perspective all client connections are originating
> as the proxy server.

Okay, that makes good sense.

> We're wanting to use the https inspect feature of the firewall,

Please give more details?

- What sort of firewall is this?

- What does "HTTPS inspect" actually mean?

- How does the firewall "inspect" HTTPS traffic, which by design is encrypted
between client and server (neither of which is the firewall)?

- What does "inspect" mean? What information is revealed from the inspection
of the encrypted communication?

> but according to our firewall documentation it appears due to the location of
> our proxy servers we would be unable to do so.

Why? Where would the proxy servers need to be instead, in order for this
inspection to work?

Alternatively, how does/would it work if the proxy were not there, and clients
communicated directly to the Internet through the firewall?

> My question is, if the proxy is behaving as a MITM between itself and
> the client, can't the Firewall do the same thing between itself and the
> proxy?

I agree. Have you asked the suppliers / authors / vendors of the firewall?

> I suspect it is possible, but might potentially involve a lot of headaches
> and a big hit on performance?

Who knows?

If it's the firewall telling you there's a problem, this doesn't entirely feel
like a Squid question.

Antony.
--
If you can smile when all about you things are going wrong, you must have
someone in mind to take the blame.
Please reply to the list;
please *don't* CC me.