1
Web Proxy Filtering and Caching / Re: [HAproxy] Condition: If SNI is present
« on: May 04, 2023, 11:13:03 pm »Please check for yourself what it does and report back.
Another issue I found is that HAproxy behind sslh only sees request coming from localhost instead of the client IP address. Regarding to the documentation of sslh the option "--transparent" should be used to make sslh a transparent proxy and to forward the client IP. However, this option seems to be not available in os-sslh :'(
Addition:
I found the commit https://github.com/opnsense/plugins/pull/2729/commits/d882e31712c4edb99d2e5f3a08ee60f1918be76a which states "Remove transparent functionality: Documentation reports this as a "Linux only" feature, remove since there is no provision for using this on FreeBSD."
I am wondering about this, because the documentation of sslh states for the Transparent Proxy "On Linux and FreeBSD you can use the --transparent option to request transparent proxying." (Source: https://github.com/yrutschle/sslh/blob/master/doc/tproxy.md).
My feeling is at the moment that the os-sslh implementation is far from complete and does not allow a lot of the features sslh provides.