Firewall Wizards mailing list archives
HTTPS proxy solutions
From: Sigurd Urdahl <sigurdur () linpro no>
Date: 05 Mar 2004 20:20:21 +0100
Hi all, does anyone know of commercially or freely available https proxies that terminates the SSL traffic, thus allows for content scanning of the traffic? I'm aware that such a solution need to generate certificates that the clients accept. What I'm thinking of is a proxy that gathers information about name resolution done by clients and use that to generate a SSL certificates for each connection. E.g if the proxy gets a connection from IP a.b.c.d from host w.x.y.z, it and, by some kind of magical glue, can figure out that host w.x.y.z recently was given the information that host www.foo.com is at a.b.c.d, it can also give the client a certificate for www.foo.com. The connection can then quite easily be scanned and proxied to www.foo.com. As long as the issuing CA is trusted by the clients (which should be quite easy to implement), the proxy would should be transparent to the end-users. So does anyone know of solutions either technically or functionally equivalent ot this? Or have I just overlooked something obvious and presented another fundamentally flawed idea for a HTTPS proxy? (I hope not:-) kind regards, -sig -- Sigurd Urdahl sigurdur () linpro no Systemkonsulent og sånt Systems consultant and such Linpro A/S http://www.linpro.no/ _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- HTTPS proxy solutions Sigurd Urdahl (Mar 07)
- RE: HTTPS proxy solutions lordchariot (Mar 08)