[sslh] Transparent proxying (Was: SSLH + 127.0.0.1 apache logs solution?)

Yves Rutschle yves at naryves.com
Tue Oct 9 13:44:19 CEST 2012


On Tue, Oct 09, 2012 at 10:23:56AM +0100, Jon Spriggs wrote:
> Ideally, I'd like to be able to use SSLH to intercept the initiating
> connection, and re-write the packet as it traverses SSLH so that it is
> going to 127.0.0.1:443, but coming from the real initiating address of
> 1.2.3.4:56789 (rather than the SSLH initiated 127.0.0.1:54321).
> There's a lot of stuff to actually make that happen, if only to make
> the response stuff work (maybe involving transparent proxies or
> routing, which is probably outside the scope of this!) but if someone
> could find a project to make this happen, I'd be a happy man!

I have started working on supporting transparent proxying in
sslh (despite my rant against it in the README :) ).

I think the C code in sslh is now fine, but I am having
problems with the iptables side of things (which you need to
implement proxying: my guess is you need to re-route
response traffic from the server to the outside IP address
through sslh). If someone knows iptables or has got
transparent proxying to work with another proxy (e.g. squid)
I'd be happy to provide a patch and see if we can get that
working.

Cheers,
Y.
