In message <_A4936@delegate-en.ML_> on 11/17/10(22:41:48)
you "Gilgan Jan" <firstname.lastname@example.org> wrote:
|I am currently trying to install delegate with havp
|as a HTTPS-Virus Scanner.
|The goal is to "unpack" the SSL-Encrypted traffic,
|scan it for viruses / malware and then reencrypt it.
|Unfortunately it does not work for HTTPS-Connections.
|I tried several configuration options but nothing seems to work.
|Maybe you have a hint or an idea how to solve this?
|Or might it be impossible?

You can use DeleGate (which is working as an explicit HTTP proxy
and SSLtunnel for clients) to do peeping/caching/filtering/...
of the content of HTTPS/SSL messages as follows:

  % delegated -P8080 SERVER=http STLS=mitm

To filter the messages, you can add a local filter program
(from the standard input to the standard output) as follows:

  % delegated -P8080 SERVER=http STLS=mitm FTOCL=filter

If you have a filtering system running in the lower layer (on
TCP/IP), chaining two DeleGate servers as follows will let the
filtering system peep at and filter the messages between the two
DeleGate servers, which are sent without encryption:

  % delegated -P8080 SERVER=http STLS=mitm,-fsv PROXY=localhost:9999
  % delegated -P9999 SERVER=http STLS=fsv:https

In the above example, the first proxy accepts CONNECT and
HTTPS/SSL from the client and passes it to the second proxy.
The second proxy connects to the target server and encrypts
the content between itself and the server.

9 9 Yutaka Sato, CSDP,ITIL-F,OCUP-A <URL:http://delegate.org/y.sato/>
( ~ ) National Institute of Advanced Industrial Science and Technology
_< >_ 1-1-4 Umezono, Tsukuba, Ibaraki, 305-8568 Japan
Do the more with the less -- B. Fuller
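
A stdin-to-stdout filter of the kind the FTOCL=filter option in the message above expects, as an added example that is not part of the original message or of DeleGate. It treats whatever arrives on standard input as an opaque byte stream (an assumption; the message does not say exactly what DeleGate passes), and the signature list and the name `filter_stream` are constructed for illustration.

```python
#!/usr/bin/env python3
"""stdin -> stdout content filter (added example, not DeleGate code)."""
import sys

# Constructed sample signatures; a real deployment would call a scanner instead.
SIGNATURES = [b"X-CONSTRUCTED-TEST-SIGNATURE", b"EXAMPLE-MALWARE-MARKER"]
CHUNK = 4096


def filter_stream(src, dst, signatures=SIGNATURES, chunk=CHUNK):
    """Copy src to dst and stop forwarding at the first signature match.

    Returns the matched signature, or None if the stream was clean.
    """
    # A match can straddle two reads, so hold back the longest signature
    # length minus one byte until the next read has been checked as well.
    keep = max(len(s) for s in signatures) - 1
    pending = b""
    while True:
        data = src.read(chunk)
        if not data:
            break
        pending += data
        hits = [(pending.find(s), s) for s in signatures if s in pending]
        if hits:
            pos, sig = min(hits)          # earliest match in the buffer
            dst.write(pending[:pos])      # forward only what precedes it
            return sig
        cut = max(len(pending) - keep, 0)
        dst.write(pending[:cut])          # safe: cannot be part of a match
        pending = pending[cut:]
    dst.write(pending)                    # clean end of stream: flush the tail
    return None


def main():
    hit = filter_stream(sys.stdin.buffer, sys.stdout.buffer)
    sys.stdout.buffer.flush()
    if hit is not None:
        sys.stderr.write("blocked: matched %r\n" % hit)
        return 1
    return 0


if __name__ == "__main__":
    sys.exit(main())
```

Because bytes before the match have already been forwarded, a hit truncates the response rather than replacing it; buffering the whole message before writing anything trades latency and memory for the ability to send a clean block page.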