Reverse proxy + HTTPS/SSL interception
-
Why when I enable HTTPS/SSL interception (Enable SSL filtering) in Squid3-dev 3.3.10 Proxy server, the service Reverse Proxy doesn't work?
In Squid Reverse HTTP setting it's enable HTTP reverse mode. -
did you tic Enable HTTPS reverse proxy ?
-
-
can someone help me?
-
can someone help me?
Did your clients have the root CA installed?
If you intercept SSL Traffic, all Clients need to trust the Certificate as master.
SSL Interception is nearly the same as a "man in the middle Attack". -
Hi, I do not your setup (or what you have not done) so please read through these two links
https://forum.pfsense.org/index.php?topic=73640.0
https://forum.pfsense.org/index.php?topic=79389.0
After that tell me if it fixed the problem.
-
SquidGuard isn't the problem, it's not enabled.
I have 2 internal lan:- LAN with: windows server 2008 r2 with Active directory; windows users; ubuntu server 14.04 with LAMP, so it's my first web server.
- DMZ with only the second web server, an other ubuntu 14.04 with LAMP.
Reverse proxy works when:
-
Proxy server: Authentication –> Authentication method: None
-
SSL interceptin ON or OFF
or
-
Proxy server: Authentication –> Authentication method: LDAP or Local
-
SSL interceptin OFF
Reverse proxy doesn't work when:
-
Proxy server: Authentication –> Authentication method: LDAP or Local
-
SSL interceptin ON
Hi, I do not your setup (or what you have not done) so please read through these two links
https://forum.pfsense.org/index.php?topic=73640.0
https://forum.pfsense.org/index.php?topic=79389.0
After that tell me if it fixed the problem.
It doesn't fix the problem.
In squid real time log STATUS:
TCP_MISS/200 is reverse proxy working
TCP_MISS/503 reverse proxy is not working![04 reverse proxy.JPG](/public/imported_attachments/1/04 reverse proxy.JPG)
![04 reverse proxy.JPG_thumb](/public/imported_attachments/1/04 reverse proxy.JPG_thumb)
![05 proxy.JPG](/public/imported_attachments/1/05 proxy.JPG)
![05 proxy.JPG_thumb](/public/imported_attachments/1/05 proxy.JPG_thumb)
![06 proxy.JPG](/public/imported_attachments/1/06 proxy.JPG)
![06 proxy.JPG_thumb](/public/imported_attachments/1/06 proxy.JPG_thumb)
![11 error.JPG](/public/imported_attachments/1/11 error.JPG)
![11 error.JPG_thumb](/public/imported_attachments/1/11 error.JPG_thumb)
![12 tcp miss.JPG](/public/imported_attachments/1/12 tcp miss.JPG)
![12 tcp miss.JPG_thumb](/public/imported_attachments/1/12 tcp miss.JPG_thumb) -
Hi, ok a few ideas
in "reverse SSL certificate" it is set as "webConfigurator default" should be certif1
tic "Transparent http proxy" as well
What is in your "Integrations"
What is in your "Custom ACLS (Before_Auth)"
In webConfigurator
What is your "SSL Certificate" set to? (should be certif1 not webConfigurator default)
And lastly when you created your Certificate was Server set to Yes (see link)
http://www.sxl.net/guides/how-to-setup-pfsense-ssl-certificate-authority/
I hope this helps