On Tue, Oct 6, 2020 at 10:28 AM Witold Tosta <[email protected]> wrote: > >> In any case, I'm now using a combination of TPROXY for HTTP and >> redirect interceptions for HTTPS as follows, and both types of traffic >> seem to be proxied without errors. >> > > It seems like it might work. TPROXY for unencrypted http traffic and SSL BUMP > for HTTPS. > > Let us know, Vieri, if this worked for you.
Yes, Witek, it works fine. I just want to point out that it was also working when using https_port tproxy sslbump in Squid and TPROXY() in SW just as long as I specified one port at a time. The system was behaving as a MITM and analyzing HTTPS traffic on all ports. Anyway, from a pragmatic point of view if TPROXY can't be used on HTTPS then I'll be using REDIRECT. Thanks, Vieri _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
