Netgate Discussion Forum

    How to disable SSL filtering in transparent mode while SSL is enabled

    Cache/Proxy

      Kababayan

      While SSL intercept is enabled, sometimes we want only HTTP to be filtered in transparent mode, to avoid certificate warnings for some users. To do this, just add a NAT rule, no RDR, interface your LAN interface, source LAN net, destination any port 443. That's it. Hope you find it useful.

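An added illustration, not part of the original post and not pfSense's own code: pf translation rules are first-match, so the no-RDR rule described above only exempts port 443 if it is evaluated before the proxy's redirect. The checker below runs over a constructed `pfctl -sn`-style listing; the interface name `em1`, the LAN subnet and the proxy ports 3128/3129 are assumptions.

```python
import ipaddress
import re

# Constructed sample in the style of `pfctl -sn` output (not taken from the thread).
# em1 = LAN, 192.168.1.0/24 = LAN net, 3128/3129 = proxy ports: all assumptions.
SAMPLE_RULES = """\
no rdr on em1 inet proto tcp from 192.168.1.0/24 to any port = https
rdr pass on em1 inet proto tcp from any to any port = http -> 127.0.0.1 port 3128
rdr pass on em1 inet proto tcp from any to any port = https -> 127.0.0.1 port 3129
"""

RULE = re.compile(
    r"^(?P<no>no )?rdr (?:pass )?on (?P<ifname>\S+) (?:inet )?proto tcp "
    r"from (?P<src>\S+) to (?P<dst>\S+) port = (?P<port>\S+)"
    r"(?: -> (?P<target>\S+) port (?P<tport>\d+))?$"
)
PORT_NAMES = {"http": "80", "https": "443"}


def _addr_matches(spec, ip):
    """Match 'any' or a CIDR/host literal; raises ValueError on other pf forms."""
    if spec == "any":
        return True
    return ipaddress.ip_address(ip) in ipaddress.ip_network(spec, strict=False)


def fate_of_connection(rules_text, iface, src_ip, dst_ip, dst_port):
    """Return ('exempt', None), ('redirected', 'addr:port') or ('untouched', None).

    The first rdr / no rdr rule that matches decides the outcome.
    """
    for line in rules_text.splitlines():
        m = RULE.match(line.strip())
        if not m:
            continue  # not an rdr-style rule this sketch understands
        port = PORT_NAMES.get(m["port"], m["port"])
        if (m["ifname"] != iface or port != str(dst_port)
                or not _addr_matches(m["src"], src_ip)
                or not _addr_matches(m["dst"], dst_ip)):
            continue
        if m["no"]:
            return ("exempt", None)  # stays untranslated, bypasses the proxy
        return ("redirected", f"{m['target']}:{m['tport']}")
    return ("untouched", None)


if __name__ == "__main__":
    for p in (80, 443):
        print(p, fate_of_connection(SAMPLE_RULES, "em1", "192.168.1.50", "203.0.113.10", p))
```

With the sample ordering, LAN traffic to port 443 is left untranslated while port 80 still reaches the proxy; reversing the rule order sends port 443 to the interception port again.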
        chris4916

        I don't understand why you would configure "SSL intercept" and don't want to filter HTTPS.
        In standard transparent mode (without SSL-bump) HTTPS is never filtered.

        Thus if you want not to filter HTTPS with proxy in transparent mode, do not configure SSL-Bump, that's it  ;)

        On the other hand, one debate could be to discuss why you would want to deploy transparent proxy which is, IMHO, the main issue.
        Transparent proxy is really not a suitable design  :-\

        Jah Olela Wembo: Words turn into woes when they annoy, attack or hurt.

          Kababayan

          As I said, if users did not install the certificate, they would get a certificate warning message. If you don't bump the server certificate, how can you cache the content, unless you just want to tunnel HTTPS? Man in the middle.

            chris4916

            Well, frankly speaking, I don't understand your point.
            Perhaps due to my poor English?

            What's your goal?
            To cache but not filter HTTPS content? In order to save bandwidth?

              Kababayan

              Yes, to save some bandwidth. I cache YouTube videos and other cacheable HTTPS items, so I need to bump the certificate. I don't want to explain to other users how to install those certificates in their browsers. To avoid this, I just don't make HTTPS transparent. If you have a better option for caching HTTPS without installing the proxy certificate, it would be nice, so that I can enable transparent mode with SSL without the certificate problem.

                chris4916

                To make it simple: you can't cache HTTPS without SSL-Bump. This is not linked to transparent or explicit proxy design.

                  Kababayan

                  Exactly, that's why I am posting this :). If you have a better solution, then post it.
                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.