
Re: [FW-1] FW-1 and squid



Assuming you're trying to transparently proxy the service (in a similar fashion to WCCP), then the short answer to the HTTPS problem is - you can't.

from http://www.tldp.org/HOWTO/mini/TransparentProxy-2.html

"Finally, as far as transparently proxying HTTPS (e.g. secure web pages using SSL, etc.), you can't do it. Don't even ask. For the explanation, do a search for 'man-in-the-middle attack'. Note that you probably don't really need to transparently proxy HTTPS anyway, since squid does not cache secure pages."

Regards

Stephen

-----Original Message-----
From: Steck, Steffen M. [mailto:[email protected]]
Sent: 11 July 2002 14:13
To: [email protected]
Subject: Re: [FW-1] FW-1 and squid


FYI finally I got some kind of solution for all those squids out there.
I created a user defined service called http_redirect with the following
inspect code in the match field:
SRV_REDIRECT(80,*ip of my squid*,3128)
assuming squid is listening on port 3128 and I want to redirect standard
port 80 http requests.
The next thing is a rule:
internal network -> external network -> my new service -> accept
and of course one that lets squid surf.
This seems to work with any http port (tested with 8000 and 8080) but not
with https / 443. I am still figuring out where the problem here is.

Greetings
Steffen

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

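What the proxy's plain-HTTP interception port receives first on a redirected connection, as an added example that is not part of the original thread: on ports such as 80, 8000 or 8080 the first bytes are a clear-text request whose Host header tells the proxy where to forward, while on 443 they are a TLS ClientHello record that an HTTP parser cannot read. The function name and both sample byte strings are constructed for illustration.

```python
"""Added example: classify the first bytes seen on a redirected connection."""
import struct

TLS_HANDSHAKE = 0x16      # TLS/SSLv3 record content type "handshake"
CLIENT_HELLO = 0x01       # handshake message type
HTTP_METHODS = (b"GET", b"POST", b"HEAD", b"PUT", b"DELETE", b"OPTIONS")


def classify_first_bytes(data: bytes):
    """Return (kind, detail) for the first bytes of a redirected connection.

    kind is "http" (detail = Host header value, or None if absent),
    "tls" (detail = record-layer version string) or "unknown".
    """
    # TLS record header: type(1) version(2) length(2), then handshake type(1)
    if len(data) >= 6 and data[0] == TLS_HANDSHAKE and data[1] == 3:
        _type, major, minor, _length = struct.unpack("!BBBH", data[:5])
        if data[5] == CLIENT_HELLO:
            return "tls", f"{major}.{minor}"
    # Plain HTTP: request line in clear text, destination in the Host header
    request_line, _, rest = data.partition(b"\r\n")
    parts = request_line.split(b" ")
    if len(parts) == 3 and parts[0] in HTTP_METHODS and parts[2].startswith(b"HTTP/"):
        for line in rest.split(b"\r\n"):
            if not line:
                break  # blank line marks the end of the headers
            name, _, value = line.partition(b":")
            if name.strip().lower() == b"host":
                return "http", value.strip().decode("ascii", "replace")
        return "http", None
    return "unknown", None


# Constructed sample inputs (not captured traffic).
SAMPLE_HTTP = b"GET /index.html HTTP/1.1\r\nHost: www.example.com:8080\r\n\r\n"
# Record header (handshake, version 3.1, length 5) + start of a ClientHello
SAMPLE_TLS = bytes([0x16, 0x03, 0x01, 0x00, 0x05, 0x01, 0x00, 0x00, 0x01, 0x00])

if __name__ == "__main__":
    for name, sample in (("port 8080", SAMPLE_HTTP), ("port 443", SAMPLE_TLS)):
        print(name, classify_first_bytes(sample))
```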