I have following problem: I want to avoid the user to explicitly specify a https-proxy in his browser. Let me explain: For http, a transparent proxy can be interfaced via iptables DNAT, for example.Same for https will not work, without certificates installed etc.However, I only want some basic info about the https-session, like traffic volume or destination domain. In case, there is an explicit https-proxy defined in the browser, I can get this info from the connect request, preceding the secure data exchange.But I want to avoid this explicit declararion. Most likely I will need some custom programming for this, but may be there is a specialist here to give some direction.
Not sure I understand your need. But it seems to me you can get what you want at the firewall level. You can enable ip accounting and set some rules to log https connections. Then you Can parse the logs to obtain your data.
Regards, Jose
El 20/6/2015, a las 10:12, reiner otto augustus_meyer@yahoo.de escribió:
I have following problem: I want to avoid the user to explicitly specify a https-proxy in his browser. Let me explain: For http, a transparent proxy can be interfaced via iptables DNAT, for example. Same for https will not work, without certificates installed etc. However, I only want some basic info about the https-session, like traffic volume or destination domain. In case, there is an explicit https-proxy defined in the browser, I can get this info from the connect request, preceding the secure data exchange. But I want to avoid this explicit declararion. Most likely I will need some custom programming for this, but may be there is a specialist here to give some direction.
stunnel-users mailing list stunnel-users@stunnel.org https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
Good idea, as it looks like a more reasonable approach. I will check it out.Thanx a lot.
Josealf.rm josealf@rocketmail.com schrieb am 13:33 Montag, 22.Juni 2015:
Not sure I understand your need. But it seems to me you can get what you want at the firewall level. You can enable ip accounting and set some rules to log https connections. Then you Can parse the logs to obtain your data.
Regards,Jose El 20/6/2015, a las 10:12, reiner otto augustus_meyer@yahoo.de escribió:
I have following problem: I want to avoid the user to explicitly specify a https-proxy in his browser. Let me explain: For http, a transparent proxy can be interfaced via iptables DNAT, for example.Same for https will not work, without certificates installed etc.However, I only want some basic info about the https-session, like traffic volume or destination domain. In case, there is an explicit https-proxy defined in the browser, I can get this info from the connect request, preceding the secure data exchange.But I want to avoid this explicit declararion. Most likely I will need some custom programming for this, but may be there is a specialist here to give some direction.
_______________________________________________ stunnel-users mailing list stunnel-users@stunnel.org https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users