web-proxy and https

RouterOS General
1

is it possible to use the build-in web-proxy (2.8.16) for https-connections?

what would the ip firewall rule look like?

i tried:

 0   ;;; transparent http-proxy
     in-interface=lan dst-address=!192.168.254.0/23:80 protocol=tcp action=redirect to-dst-port=3128 

 1 X ;;; transparent https-proxy - doesn't work!
     in-interface=lan dst-address=!192.168.254.0/23:443 protocol=tcp action=redirect to-dst-port=3128

(192.168.254.0/23 is my local network, where the proxy should be circumvented)

any hints?
matthias

2

That should not work at all!
That is because of security inherent in HTTPS protocol - it just does not allow transparent proxying. Doing this would be considered a man-in-the-middle attack…

3

yes, thanks.

i checked for the squid documentation also and there seems to be this “CONNECT” command, which is mentioned in the web-proxy docs too.

regards.
matthias