Monday, April 02, 2007

Transparent SSL proxy

Does squid actually support this feature? Not yet (squid-2.6-Stable12).

Several people ask on the squid mailing list: they are running a transparent proxy, but they also need to transparently "proxy" port 443 (HTTPS), meaning they want their transparent proxy to work with https URLs.

But there are some misconceptions about HTTPS/SSL and proxies/reverse proxies.

Brief description:

Working as a normal proxy, squid can tunnel SSL requests when they are requested by an HTTP user-agent via an HTTP proxy (see the Netscape documentation).
This involves an HTTP method (CONNECT) for establishing the tunnel.

But in an interception proxy, also known as a transparent proxy, the proxy becomes the server for the client and becomes the client for the web server. The direct connection between the two endpoints is broken, and with SSL the identity of each endpoint is hidden, so in this special case the transparent proxy doesn't know how to handle SSL requests because it is not operating as a normal proxy.

Some ideas to implement:

  • Listen on a different port from the one currently used for the transparent proxy (usually 80).
  • Accept the SSL connection.
  • Do the ACL lookups: source/destination IP, source MAC, time, srcdomain...
  • Convert it to an HTTP CONNECT request suitable for the http proxy.
Another small project to work on with squid.
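The two situations described above, the CONNECT tunnel a user-agent sets up through a normal HTTP proxy and the proposed conversion of an intercepted port 443 connection into such a CONNECT request after ACL lookups, as an added example. This is not code from the original post or from squid; the hosts, ports and ACL rules are constructed sample values, and the ACL model is a deliberately small stand-in for squid's real ACLs.

```python
# Added example (not from the original post or from squid): a minimal model of
# the HTTP CONNECT tunnel a user-agent sets up through a forward proxy, plus the
# ACL decision an interception proxy would make before rewriting an intercepted
# port 443 connection into the same CONNECT form.
# All hosts, ports and ACL rules below are constructed sample values.

def build_connect_request(host, port):
    """Build the CONNECT request a browser sends to an explicit HTTP proxy."""
    return (
        f"CONNECT {host}:{port} HTTP/1.1\r\n"
        f"Host: {host}:{port}\r\n"
        "\r\n"
    ).encode("ascii")


def parse_connect_request(raw):
    """Return (host, port) from a CONNECT request line, or None if malformed."""
    try:
        request_line = raw.split(b"\r\n", 1)[0].decode("ascii")
        method, target, version = request_line.split(" ")
    except (UnicodeDecodeError, ValueError):
        return None
    if method != "CONNECT" or not version.startswith("HTTP/"):
        return None
    host, sep, port = target.rpartition(":")
    if not sep or not port.isdigit():
        return None
    return host, int(port)


# Constructed ACL: the proxy only tunnels to the standard HTTPS port, and only
# for clients inside the sample 10.0.0.0/8 range. Real squid ACLs are richer
# (source MAC, time, srcdomain, ...), as the post's list suggests.
ALLOWED_TUNNEL_PORTS = {443}
ALLOWED_CLIENT_PREFIX = "10."


def proxy_decision(client_ip, raw_request):
    """Model the proxy side: parse CONNECT, apply ACLs, answer the client."""
    parsed = parse_connect_request(raw_request)
    if parsed is None:
        return b"HTTP/1.1 400 Bad Request\r\n\r\n"
    host, port = parsed
    if port not in ALLOWED_TUNNEL_PORTS or not client_ip.startswith(ALLOWED_CLIENT_PREFIX):
        return b"HTTP/1.1 403 Forbidden\r\n\r\n"
    # From here on the proxy only copies bytes in both directions; it never
    # sees inside the SSL session, which is exactly the tunnelling the post describes.
    return b"HTTP/1.1 200 Connection established\r\n\r\n"


def intercepted_to_connect(original_dst_ip, original_dst_port):
    """What the post proposes: an intercepted port 443 connection carries no
    CONNECT line, so the interception layer must synthesise one from the
    original destination learned from the redirect. Only the destination IP
    is available at this point, not a hostname, because the SSL session hides
    the endpoints' identity from the proxy."""
    return build_connect_request(original_dst_ip, original_dst_port)


if __name__ == "__main__":
    req = build_connect_request("www.example.com", 443)
    print(req.decode())
    print(proxy_decision("10.1.2.3", req).decode())      # 200, tunnel allowed
    print(proxy_decision("192.168.1.5", req).decode())   # 403, client outside ACL
    print(intercepted_to_connect("203.0.113.10", 443).decode())
```

The point the example makes concrete: a normal proxy receives the destination in the CONNECT line and can run its ACLs on it before relaying bytes, whereas an intercepted SSL connection gives the proxy nothing but the original destination IP and port from the redirect, so the ACL step in the post's list can only use what the redirect and the client's address provide.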