Help Understanding Proxy Servers



  • I wonder if someone can help me understand this.

    I understand that proxy servers such as Squid cannot proxy HTTPS traffic without complex configuration, which appears as a man-in-the-middle attack to the end user. But we are able to successfully proxy HTTPS traffic with full logging with TMG 2010. Why the difference? Also, I am confused how Squid and similar software have become so popular if HTTPS traffic is not supported.

    I'm sure I'm misunderstanding this somehow. Could someone please explain?

    Thanks.



  • Isn't TMG 2010 the old ISA Server?

    ISA used to automatically allow HTTPS from the workstation through to the web; it never proxied or cached HTTPS. But if you set ISA to force HTTPS through the proxy, which it allowed you to do, then HTTPS would not work.

    Are you certain the HTTPS is passing through the TMG and it's not being allowed to just tunnel through to the web, ignoring the proxy?

    What does IE have in the connection settings, or are you using a firewall client app? ISA used to come with a firewall client app which allowed for further configuration of some apps, like allowed protocols and ports.


  • Netgate Administrator

    To fully proxy HTTPS traffic you need to run a man-in-the-middle, like you said. If you have the correct certificates in place, though, your users won't see any warnings and hence probably won't know anything about it.
    Perhaps TMG inserts the correct certs without you doing anything?

    Steve
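
Added example, not part of any post in this thread: the difference the replies describe (HTTPS tunnelled through the proxy versus HTTPS decrypted by it) shows up in what the proxy is able to log. The Python below parses constructed lines in Squid's native access.log layout and separates the two cases; the sample lines, addresses and function names are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample lines in Squid's native access.log layout (not from the thread).
SAMPLE_LOG = """\
1700000000.101    230 10.0.0.5 TCP_TUNNEL/200 5120 CONNECT mail.example.com:443 - HIER_DIRECT/192.0.2.10 -
1700000001.202     85 10.0.0.5 TCP_MISS/200 1834 GET http://www.example.org/index.html - HIER_DIRECT/192.0.2.20 text/html
1700000002.303    140 10.0.0.6 TCP_MISS/200 9210 GET https://bank.example.net/account/statement?id=7 - HIER_DIRECT/192.0.2.30 text/html
1700000003.404     12 10.0.0.6 TCP_DENIED/403 390 CONNECT blocked.example.com:443 - HIER_NONE/- text/html
"""

# Fields: timestamp elapsed client action/status bytes method URL ...
LINE_RE = re.compile(
    r"^\d+\.\d+\s+\d+\s+(?P<client>\S+)\s+(?P<action>[A-Z_]+)/(?P<status>\d{3})"
    r"\s+\d+\s+(?P<method>[A-Z]+)\s+(?P<url>\S+)"
)


def classify(line):
    """Return what the proxy could see for one request, or None if unparsable."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    rec = {"client": m["client"], "action": m["action"]}
    if m["method"] == "CONNECT":
        # Tunnel: the proxy relays encrypted bytes and knows only host:port.
        host, sep, port = m["url"].rpartition(":")
        rec.update(kind="tunnel", host=host if sep else m["url"],
                   port=int(port) if sep and port.isdigit() else None, path=None)
        return rec
    parts = urlsplit(m["url"])
    # A full https:// URL can only be logged if the proxy decrypted the session.
    kind = "intercepted-https" if parts.scheme.lower() == "https" else "plain-http"
    rec.update(kind=kind, host=parts.hostname, port=parts.port, path=parts.path or "/")
    return rec


def summarise(log_text):
    """Classify every parsable line of an access log."""
    return [r for r in map(classify, log_text.splitlines()) if r is not None]


if __name__ == "__main__":
    for r in summarise(SAMPLE_LOG):
        print(f"{r['client']:<10} {r['kind']:<18} {r['host']} path={r['path']}")
```

A log that contains only `tunnel` records for port 443 means the proxy is relaying HTTPS without seeing inside it; `intercepted-https` records mean a certificate trusted by the clients is being used to decrypt the traffic.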