trafficserver-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Stas Obydionnov <stasik...@gmail.com>
Subject Transparent HTTPS proxy using ATS
Date Thu, 05 Jul 2012 22:01:12 GMT
Hi,

First of all, I would like to thank all people behind the ATS, I just enjoy
each time I work with it. Thanks you very much guys.

Now to the question.
I would like to raise the subj once again. I saw discussions in this
mailing list and read /. article.

The motivation for this is a security requirements. We need to perform URL
filtering on all HTTP(S) traffic. I'm aware of an ethic aspect of such
approach, but unfortunately "bad people" are using HTTPS connections more
and more for transferring stolen information and downloading malware to the
infected machines. In addition blocking certain sites (like gambling) in
the office is also an acceptable policy. So now SSL interception on proxy
server is a requirement defined by IT managers of many organizations.

The mechanism for this is described here(
http://mail-archives.apache.org/mod_mbox/trafficserver-dev/201206.mbox/%3CE0E627D3EA79C24397D2A4543361AB19049B9C35@CEXNT.commtouch.com%3E).
In squid language, I think, it's called "ssl bumping", I found the
following article
http://blog.davidvassallo.me/2011/03/22/squid-transparent-ssl-interception/ on
how to configure squid transparently to intercept SSL.

So my question is: is such kind of setup is possible using ATS or maybe
this functionality may be implemented in plugin?

Thank you in advance.
Stas.

Mime
View raw message