0 votes
I am working with Squid Proxy Server as I have also used cyberoam,Sonicwall and Clear OS.

I want to setup my own proxy like above products ie authentication in transparent proxy. Actually I setup transparent proxy but at that time my HTTPS site is not working.Then I configure one iptables rule that redirect all http & https traffic to 3128(squid port) only. but here I can access all my https websites but I cant block them.

My requirement is when I am going to access any website at first time it will ask me to authentication and then and only i can access internet. In log reports also I can show its Username and one more thing it will also possible in thinclient(terminal service).

Anybody help me short-out this problem ?
Saturday, January 12 2019, 09:32 AM
Share this post:
Responses (1)
  • Accepted Answer

    Saturday, January 12 2019, 10:11 AM - #Permalink
    0 votes
    In transparent mode squid cannot intercept https as the traffic in encrypted end-to-end. It is possible to effectively perform a man-in-the-middle attack and intercept this traffic but it involves ssl spoofing which we do not support. Your options are to use the proxy in non-transparent mode, with or without authentication, or to use Gateway Management. GM is a powerful filtering system at the DNS level, is light on resources and needs no client configuration. The proxy is heavy on resources in ClearOS and can impact throughput speed. Also some sites are not proxy friendly and need to be managed through exceptions. It requires every workstation to be individually configured or you have to get Web Proxy Auto Discovery (WPAD) going (WPAD HowTo). If you have to start pushing exceptions to workstations, you will want WPAD or you'll need to do a lot of legwork.
    The reply is currently minimized Show
Your Reply