[KLUG Members] passing https through a "firewall"

Bruce Smith bruce at armintl.com
Thu Jul 22 16:32:38 EDT 2004


> > > You [obviously] can't proxy https traffic.
> > 
> > You can proxy it (I do it with squid), you just can't content filter it.
> 
> What good is proxying if all you can record is the IP address of the
> host they were connecting to?  

What's the good of SSL if someone in the middle can read the traffic?

> I can do that with an IPTABLES log
> through the kernel w/o having to bog down the user-space more.

Squid also records the URL in its log, and you can filter on URLs.
You just can't filter on the traffic (content) since it's encrypted.

You can also configure squid to only allow authenticated traffic through
to the internet.  Our squid server pops up a user/password box on the
browser the first time a user tries to go out.  If their userid isn't in
the internet group, they don't get to surf (SSL or plain text).

 - BS
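Added example, not part of the thread and not Bruce's own configuration: a squid.conf fragment that does what the reply describes. It lets HTTPS through as CONNECT tunnels (so the proxy relays the encrypted bytes untouched), challenges the browser for a username/password before anything goes out, and then only lets members of an "internet" group surf. The helper paths, the group name, the password file and the 192.168.1.0/24 subnet are assumptions for the example; adjust them to the local install. One caveat worth knowing when reading the access log: for a CONNECT tunnel the URL field only ever holds host:port, never the path, because the path is inside the encrypted session.

```conf
# --- listening port ---------------------------------------------------
http_port 3128

# --- what kinds of requests are acceptable ----------------------------
acl SSL_ports  port 443
acl Safe_ports port 80 443
acl CONNECT    method CONNECT
acl localnet   src 192.168.1.0/24        # assumption: the office LAN

# Refuse odd ports, and only allow CONNECT (the HTTPS tunnel) to 443.
# Squid never decrypts the tunnel; it just copies bytes both ways.
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports

# --- basic authentication (this is what pops the user/password box) ----
# Assumption: the helper lives under /usr/lib/squid and the password file
# was created with htpasswd.  Browsers get an HTTP 407 challenge the first
# time they try to go out, then resend every request with credentials.
auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/passwd
auth_param basic children 5
auth_param basic realm Internet access
auth_param basic credentialsttl 2 hours
acl authenticated proxy_auth REQUIRED

# --- group check: only members of the "internet" unix group may surf ---
# Assumption: users who are allowed out are in the local group "internet".
external_acl_type unix_group ttl=300 %LOGIN /usr/lib/squid/ext_unix_group_acl -g internet
acl internet_users external unix_group

# --- access policy; first matching http_access line wins ---------------
http_access deny  !authenticated          # forces the login prompt
http_access deny  !internet_users         # authenticated but not in the group: no surfing
http_access allow localnet                # members of the group, from the LAN
http_access deny  all

# --- logging -----------------------------------------------------------
# Each line carries the authenticated username and the URL.  Plain HTTP
# requests log the full URL; CONNECT tunnels log only "host:443".
access_log /var/log/squid/access.log squid
```

With this in place the access log is the record that answers the earlier objection: it ties each outbound connection to a username and a destination host, which an iptables log of source/destination IPs cannot do, while the content of the SSL session stays private end to end.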
