OPNsense Forum
English Forums => Web Proxy Filtering and Caching => Topic started by: Conti on February 11, 2019, 01:23:47 pm
-
Hello,
after reading some docs I am not sure if this will work: I want to setup a transparent proxy with authentication. As normal http sites are no big deal, these sites should be cached. I think this is the easy part. For all (!) https sites, I just want a basic authentication with local users (to avoid MITM and proxy cert). Is this a common setup and will this work with OPNSense? Any hints for the implementation?
BR
-
As far as I know, squid does not support that. There are some tricks for passive authentication state injection (for example sync with an network auth server), but they are currently not implemented.
-
Thanks you for your answer. Would it be possible without authentication? At least to log https traffic instead of just let it pass the firewall with permit tcp 443.
-
yes, that should work (there must be a checkbox somewhere) on the page, where you configure the HTTPS inspection.