Community discussions

MUM Europe 2020
 
User avatar
mag
Member
Member
Topic Author
Posts: 378
Joined: Thu Jul 01, 2004 12:32 pm
Location: Cologne, NRW, Germany
Contact:

web-proxy and https

Sat Oct 02, 2004 11:55 am

is it possible to use the build-in web-proxy (2.8.16) for https-connections?

what would the ip firewall rule look like?

i tried:
 0   ;;; transparent http-proxy
     in-interface=lan dst-address=!192.168.254.0/23:80 protocol=tcp action=redirect to-dst-port=3128 

 1 X ;;; transparent https-proxy - doesn't work!
     in-interface=lan dst-address=!192.168.254.0/23:443 protocol=tcp action=redirect to-dst-port=3128 
(192.168.254.0/23 is my local network, where the proxy should be circumvented)

any hints?
matthias
 
User avatar
lastguru
Trainer
Trainer
Posts: 435
Joined: Fri May 28, 2004 9:04 pm
Location: Certified Trainer/Consultant in Riga, Latvia
Contact:

Mon Oct 04, 2004 3:27 pm

That should not work at all!
That is because of security inherent in HTTPS protocol - it just does not allow transparent proxying. Doing this would be considered a man-in-the-middle attack...
International MikroTik Certified Trainer and Consultant form Latvia.
I do RouterOS Training and Certification worldwide!

skype: lastguru
 
User avatar
mag
Member
Member
Topic Author
Posts: 378
Joined: Thu Jul 01, 2004 12:32 pm
Location: Cologne, NRW, Germany
Contact:

Mon Oct 04, 2004 4:38 pm

yes, thanks.

i checked for the squid documentation also and there seems to be this "CONNECT" command, which is mentioned in the web-proxy docs too.

regards.
matthias

Who is online

Users browsing this forum: MSN [Bot] and 120 guests