Главная
Форум
Контакты
Купить
Поддержи проект
Поиск
Искать:
Расширенный поиск
[Закрыть]
Правила форума
Войти
Регистрация
Russian
English
HandyCache форум
Главная категория
»
English forum
»
Transparent Https with mikrotik
Имя пользователя:
1 час
1 день
1 неделя
1 месяц
Навсегда
Пароль:
Страниц: [
1
]
Вниз
« предыдущая тема
следующая тема »
Отправить эту тему
Печать
Автор
Тема: Transparent Https with mikrotik (Прочитано 8362 раз)
0 Пользователей и 1 Гость смотрят эту тему.
pdionisis
Новичок
Репутация: +0/-0
Offline
Сообщений: 9
Transparent Https with mikrotik
«
:
07 марта 2017, 19:43:13 »
Hello
I want to block all outgoing http and https traffic with mikrotik firewall and redirect it to Handycache machine
Handycache is 192.168.100.27 port 8080 and I have checked the ssl handling
When I specify the handycache as proxy, it works as expected (more or less) including https
When I use mikrotik to redirect tcp port 80 to handycache (http) everything works as expected
BUT
when I use the same rule to redirect tcp port 443 (https) to handycache it seems that handycache
does not accept it (I see no connections at the monitor) although mikrotik reports that it has
redirected the packet.
Any help?
Should I make something special at handycache to accept redirected https packets?
I use the following commands at mikrotik.
"Redirect http to proxy" :
chain=dstnat action=dst-nat to-addresses=192.168.100.27 to-ports=8080 protocol=tcp src-address=!192.168.100.27 in-interface=i219 dst-port=80 log=no
log-prefix=""
;;; Redirect https to proxy
chain=dstnat action=dst-nat to-addresses=192.168.100.27 to-ports=8080 protocol=tcp src-address=!192.168.100.27 dst-port=443 log=no log-prefix=""
Сообщить модератору
Записан
zed
Постоялец
Репутация: +4/-0
Offline
Сообщений: 141
Re: Transparent Https with mikrotik
«
Ответ #1 :
07 марта 2017, 23:22:47 »
I think that there is nothing that you can do, because this is a HC issue.
Now, HC expects that client (browser) know, that it will work with proxy server and at first it will send CONNECT request to the proxy, to establish secure tunnel.
To accept redirected request from clients that don't know anything about proxy, HC should listen incoming requests on some another port (443 fo example) and accept all requests directly. And, of course, listening this port make sense only if SSL handling is enabled.
Implementation of this feature is pretty simple, so you should ask
mai62
to add it.
Сообщить модератору
Записан
pdionisis
Новичок
Репутация: +0/-0
Offline
Сообщений: 9
Re: Transparent Https with mikrotik
«
Ответ #2 :
08 марта 2017, 10:16:34 »
THANK YOU zed
PLEASE mai62 consider enabling this function.
It is critical not only for me but also many others who have a firewall and want to block
programs that bypass the proxy and talk directly to internet.
Some of them do not have an option to specify a proxy and some other do it on purpose.
(Looking at the connections at my firewall I see many unrecognized connections from programs
that try to connect directly to internet.For example a new LG smartTV that tries to connect to
central office of the manufacturer.....)
Thank You
Posted on: 08 March 2017, 09:37:53
Do you know If using a programm like proxifier would work?
Or proxifier works only for connections from the same pc(not for incoming connections)?
Is it possible to run proxifier together with handycache at the same machine and have the mikrotik(firewall) redirect traffic (https)
from all the network to this machine ?
The redirected https traffic to come from mikrotik to proxifier and then redirected again to handycache?
Сообщить модератору
Записан
Страниц: [
1
]
Вверх
Отправить эту тему
Печать
« предыдущая тема
следующая тема »
Перейти в:
Пожалуйста, выберите назначение:
-----------------------------
Главная категория
-----------------------------
=> Общие вопросы
=> Новые предложения
=> Дополнения, плагины
=> Сжатие трафика
=> English forum
=> Indonesian forum
-----------------------------
Гостевая
-----------------------------
=> Гостевая
-----------------------------
Дела домашние
-----------------------------
=> Сайт и форум HandyCache
=> Курилка
© 2006-2014 HandyCache Team. Все права защищены.
Загружается...