On this page you can configure the proxy server to scan SSL-encrypted traffic, i.e., traffic through port 443. When enabled, squid will intercept all clients' requests and forward them to the remote server, as it does for HTTP requests. The only difference is that for HTTPS requests an 'intermediate' certificate is needed for the client to connect via HTTPS to the Endian UTM Appliance, which can then deliver the request, retrieve the remote resource, check it, and send it to the client that requested it.
There are three available settings on this page, divided into two parts: the first one allows you to set up the HTTPS proxy, whereas the second one is used to manage the Endian UTM Appliance's certificate.
Enable HTTPS Proxy
Tick this checkbox to activate the HTTPS proxy. The next option will appear.
Accept every certificate
This option allows the Endian UTM Appliance to automatically accept all the certificates from the remote server, even those that are invalid or outdated.
Entries in the HTTPS proxy white-list
When the entry is an IP address, HTTPS traffic directed to that IP will not pass through the HTTPS proxy. When the entry is a domain name, e.g., www.example.org, only that site will be bypassed. However, when a dot (.) is placed at the beginning of a domain name, all the traffic to that domain and all its subdomains will be allowed.
Examples:
93.184.216.119 allow only site https://93.184.216.119/
www.example.org allow only site https://www.example.org/
.example.org allow all sites ending with .example.org, e.g., https://www.example.org/index.html, https://mail.example.org/mail.html, https://www.news.example.org/news.html and so on.
Bypass HTTPS proxy for destinations
Enter in the text field the IP addresses or domain names of the remote web sites that should be skipped by the HTTPS proxy, one per line.
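The matching rules described in the white-list note, written out as an added example so that a planned bypass list can be checked against sample URLs before it is saved. This is not Endian's or squid's code; the function names, the sample list and the test URLs are constructed, and it assumes a leading-dot entry also covers the bare domain, as the note states.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample bypass list, one entry per line as typed into the text field.
BYPASS_ENTRIES = """
93.184.216.119
www.example.org
.example.net
"""


def parse_entries(text):
    """Split the text field into (kind, value) pairs: ip, host or suffix."""
    entries = []
    for line in text.splitlines():
        item = line.strip().lower().rstrip(".")
        if not item:  # blank line, or a lone "." that would match every host
            continue
        try:
            entries.append(("ip", str(ipaddress.ip_address(item))))
        except ValueError:
            kind = "suffix" if item.startswith(".") else "host"
            entries.append((kind, item))
    return entries


def is_bypassed(url, entries):
    """Return True when the URL's host matches an entry, i.e. is not scanned."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    for kind, value in entries:
        if kind in ("ip", "host") and host == value:
            return True
        # ".example.net" covers example.net itself and any subdomain; the dot
        # forces a label boundary, so "badexample.net" does not match.
        if kind == "suffix" and (host == value[1:] or host.endswith(value)):
            return True
    return False


def unscanned(urls, text=BYPASS_ENTRIES):
    """List the URLs from `urls` that would skip HTTPS inspection."""
    entries = parse_entries(text)
    return [u for u in urls if is_bypassed(u, entries)]
```

Every URL returned by `unscanned` reaches the client without being checked by the proxy, so a leading-dot entry should be reviewed with that in mind.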
To activate the HTTPS proxy, click on Save and wait a few seconds.
The lower part can be used either to upload a certificate that will be used by the Endian UTM Appliance or to generate a new one, which will replace the one already present, if any.
Upload proxy certificate
To use an existing certificate, click on Browse..., choose the certificate on the local hard disk, then click on Upload to copy the certificate to the Endian UTM Appliance.
Create a new certificate
To create a new certificate from scratch, click on this button. A confirmation dialog box appears. Click on OK to proceed or on Cancel to close the dialog box and go back.
After the certificate has been uploaded or created, a new option in the form of a hyperlink will appear next to the Upload proxy certificate label:
Download
Click this hyperlink to download the certificate, which will be needed by the clients.