OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • English Forums »
  • Web Proxy Filtering and Caching (Moderator: fabian) »
  • [Transparent Proxy] Caching and Auth for HTTP, just Auth for HTTPS
« previous next »
  • Print
Pages: [1]

Author Topic: [Transparent Proxy] Caching and Auth for HTTP, just Auth for HTTPS  (Read 577 times)

Conti

  • Newbie
  • *
  • Posts: 4
  • Karma: 0
    • View Profile
[Transparent Proxy] Caching and Auth for HTTP, just Auth for HTTPS
« on: February 11, 2019, 01:23:47 pm »
Hello,
after reading some docs I am not sure if this will work: I want to setup a transparent proxy with authentication. As normal http sites are no big deal, these sites should be cached. I think this is the easy part. For all (!) https sites, I just want a basic authentication with local users (to avoid MITM and proxy cert). Is this a common setup and will this work with OPNSense? Any hints for the implementation?
BR
Logged

fabian

  • Moderator
  • Hero Member
  • *****
  • Posts: 2041
  • Karma: 154
  • OPNsense Contributor (Language, VPN, Proxy, etc.)
    • View Profile
    • Personal Homepage
Re: [Transparent Proxy] Caching and Auth for HTTP, just Auth for HTTPS
« Reply #1 on: February 11, 2019, 05:23:40 pm »
As far as I know, squid does not support that. There are some tricks for passive authentication state injection (for example sync with an network auth server), but they are currently not implemented.
Logged

Conti

  • Newbie
  • *
  • Posts: 4
  • Karma: 0
    • View Profile
Re: [Transparent Proxy] Caching and Auth for HTTP, just Auth for HTTPS
« Reply #2 on: February 11, 2019, 07:03:31 pm »
Thanks you for your answer. Would it be possible without authentication? At least to log https traffic instead of just let it pass the firewall with permit tcp 443.
Logged

fabian

  • Moderator
  • Hero Member
  • *****
  • Posts: 2041
  • Karma: 154
  • OPNsense Contributor (Language, VPN, Proxy, etc.)
    • View Profile
    • Personal Homepage
Re: [Transparent Proxy] Caching and Auth for HTTP, just Auth for HTTPS
« Reply #3 on: February 12, 2019, 06:51:01 pm »
yes, that should work (there must be a checkbox somewhere) on the page, where you configure the HTTPS inspection.
Logged

  • Print
Pages: [1]
« previous next »
  • OPNsense Forum »
  • English Forums »
  • Web Proxy Filtering and Caching (Moderator: fabian) »
  • [Transparent Proxy] Caching and Auth for HTTP, just Auth for HTTPS
 

OPNsense is an OSS project © Deciso B.V. 2015 - 2019 All rights reserved
  • SMF 2.0.15 | SMF © 2017, Simple Machines
    Privacy Policy
    | XHTML | RSS | WAP2