[squid-users] FW: Encrypted browser-Squid connection errors
Matus UHLAR - fantomas
uhlar at fantomas.sk
Tue Oct 25 17:03:48 UTC 2022
>On 10/25/22 10:18 AM, Matus UHLAR - fantomas wrote:
>>I prefer to explicitly state what one means by transparent because
>>RFC2616 has defined transparent proxy diferently:
On 25.10.22 10:56, Grant Taylor wrote:
>I do too. I /thought/ that I was explicitly stating. At least that
>was my intention.
>
>Aside: That's why I included my working definition. So hopefully you
>would know what I meant even if I accidentally used the wrong term.
I think intercepting is better, more precise.
>Based on the quoted sections, it seems to me like an intercepting
>proxy is a superset of a transparent proxy.
those two are completely separate,
proxy may be intercepting and modify content (e.g. filter), including squid.
>Aside: I've long been a fan of and preferred explicit client
>configuration to use a proxy.
yes, especially PAC scripts are great to explicitly state what you need,
including using socks for other than http(s)/ftp connections (direct
smtp,imap,pop3 over socks)
>>and of course socks is generic bidiretional tcp/udp proxy, which
>>makes it possible to implement it near over any kind of
>>communication.
>
>Yes, SOCKS is bidirectional. However, inbound connections through it,
>e.g. FTP active connections, are time limited. -- At least I'm not
>aware of any way to have a SOCKS proxy allow inbound traffic
>indefinitely a la. port forwarding in NAT or SSH remote port
>forwarding (assuming the real server is the SSH client).
I guess PORT connections have to be allowed on the SOCKS server which is I'd
say not common (can be dangerous)
passive connections are safe in case of ftp/ssl, where it's impossible to
know for the proxy/firewall who connects where.
--
Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
There's a long-standing bug relating to the x86 architecture that
allows you to install Windows. -- Matthew D. Fuller
More information about the squid-users
mailing list