On 28/02/2014 8:49 p.m., Jerry OELoo wrote:
> To summarize it. Please correct me if anything wrong, Thanks in advance.
>
Please be a lot more specific. The area we are discussing has a LOT of
complexity and very small distinctions between things cause very big
differences in configuration and behaviour.
> If I want to just transparent pass through http/https packets (Do not
> read, modify it), I can just use http_port to open some port, and
> client set browser proxy+port directly, and from my testing, it is
> right.
Please avoid saying "transparent" because there are several
"transparent" (proxy/relay/authentication/redirect/interception) terms
in HTTP plus several which people call "transparent" when they are not
actually. 3 of those very different meanings apply to what we have been
talking about so far. I cant tell if you are adding in some of the other
meanings as criteria or not.
Can you please use the port number to indicate which protocol stack of
traffic you are talking about for each requirement.
Because "HTTPS" and "https://" are different things, and port 443 and
80 traffic is a mix of the two along with various other things I am
trying to avoid confusing you with.
>
> If I want to get client's https request,
Are you taking about HTTP with https://, or HTTP with CONNECT tunnel of
HTTPS, or HTTP on port 443?
All of those have different answers to the question you are asking.
Please be specific.
> such as get the browser html
> content in https, insert some javascript into client's browser https
> response page,
Format of the reply object is not relevant. Please skip that.
> I need set up NAT on server B
For transparent intercept of port 443 that would be yes.
> (B should be a gateway or server?
It should be setup as a router.
> A is a LAN PC whose gateway points
> B?,
IF you choose to make PC B the LAN network gateway.
> Am i right here?),
There is no absolute right/wrong. Each of your choices about how to send
the traffic from PC A to PC B determines how PC A and PC B have to be
configured.
>
> and then iptables to redirect client A's https packets to squid
> https_port. then use squid ssl bump to read/write client's html
> content in https.
>
Lets avoid the generic terms:
* transparent - a single word with an category of action with 8
different meanings, 6 of which apply to different Squid configs.
* redirect - an action with >20 different configurations involving
different combination of 3 slayers of the networking stack). None of
which are what you meant to say!
Amos
Received on Sat Mar 01 2014 - 06:43:46 MST
This archive was generated by hypermail 2.2.0 : Sat Mar 01 2014 - 12:00:06 MST