OPNsense Forum

English Forums => Web Proxy Filtering and Caching => Topic started by: Conti on February 11, 2019, 01:23:47 pm

Title: [Transparent Proxy] Caching and Auth for HTTP, just Auth for HTTPS
Post by: Conti on February 11, 2019, 01:23:47 pm
Hello,
after reading some docs I am not sure if this will work: I want to setup a transparent proxy with authentication. As normal http sites are no big deal, these sites should be cached. I think this is the easy part. For all (!) https sites, I just want a basic authentication with local users (to avoid MITM and proxy cert). Is this a common setup and will this work with OPNSense? Any hints for the implementation?
BR
Title: Re: [Transparent Proxy] Caching and Auth for HTTP, just Auth for HTTPS
Post by: fabian on February 11, 2019, 05:23:40 pm
As far as I know, squid does not support that. There are some tricks for passive authentication state injection (for example sync with an network auth server), but they are currently not implemented.
Title: Re: [Transparent Proxy] Caching and Auth for HTTP, just Auth for HTTPS
Post by: Conti on February 11, 2019, 07:03:31 pm
Thanks you for your answer. Would it be possible without authentication? At least to log https traffic instead of just let it pass the firewall with permit tcp 443.
Title: Re: [Transparent Proxy] Caching and Auth for HTTP, just Auth for HTTPS
Post by: fabian on February 12, 2019, 06:51:01 pm
yes, that should work (there must be a checkbox somewhere) on the page, where you configure the HTTPS inspection.