Web Proxy Filtering and Caching / transparent web proxy without mitm for https not working
« on: July 04, 2021, 01:03:04 am »
Hi,
I just want to get the web proxy running to deny all outgoing traffic except for a few domains.
I enabled SSL inspection and "Log SNI information only", because as far as I understand this is needed to be able to do ACL filtering on DNS names, right?
If I configure the browser on the host (192.168.1.102) to directly use the web proxy for http/https on port 3128 it does work as expected.
If I try to do it transparently via the Port Forwarding NAT rule, I get an "SSL_ERROR_RX_RECORD_TOO_LONG", which seems like there is something wrong with the redirect rule:
Quote
IF1 TCP 192.168.1.102 * ! 192.168.1.0/24 443 (HTTPS) 192.168.1.23 3128 redirect traffic to proxy HTTPS
Any help appreciated.
Cheers Jonas