That rule is correct to try and make a transparent proxy, and it will work fine for HTTP, but it will not work for HTTPS. There is nothing that you can really do to make it work for HTTPS transparently, you are becoming a man-in-the-middle by trying to do so, and HTTPS won't allow it. It's not a matter of the correct firewall rules, it's a matter of security and the way the protocol is setup.
I'm not sure how many different ways this can be stated and how clearer I could have made it in the last posts. It is impossible to redirect HTTPS to a transparent proxy and have it work. There is no combination of firewall rules, filter rules, or proxy configuration to make it work. You asking the same question in different ways will only net the same answer to your question.
The 'S' in HTTPS stands for 'secure'. If you are able to transparently redirect and proxy/filter/see into that secure connection, it's not very secure now is it? The whole point of it is the data is encrypted from the client to the server, and that nothing should be able to intercept it and read it without the clients permission. If that security is not in place, then the connection is broken since the data cannot be trusted.
[admin@] /ip firewall nat> print Flags: X - disabled, I - invalid, D - dynamic 0 X ;;; place hotspot rules here chain=unused-hs-chain action=passthrough to-addresses=0.0.0.0 1 chain=dstnat action=dst-nat to-addresses=IP_PROXY to-ports=3128 protocol=tcp in-interface=vlan1 dst-port=80,443
Is this rule correct? Is it possible to work this way?
No, the rule is incorrect due to that redirection of the HTTPS (443) traffic cannot be done as Feklar says. So if you remove the 443 in dst-port the HTTPS traffic will work, not via the proxy but directly to the HTTPS host.
Thanks for help. For me don't make sense that Mikrotik did not be capable to redirect HTTPS traffic because there are many other ways to block "Man-in-the-middle". In this case if I want to access HTTPS sites it is necessary to use WebProxy
Users browsing this forum: No registered users and 30 guests
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot post attachments in this forum