Now when turning on the SSL part of the proxy, to scan https as well, that doesn't seem to work for my setup...
I set the HTTP/S in Transparent mode, turned on "Scan HTTPS (SSL) Traffic" which works and tried with turning "Full transparent mode" on too, but only http pages are coming through then ...
Anything I'm missing here?
This is the case with my banking site (https://directnet.dexia.be) and our webmail system at work, Firefox keeps telling me "Connected to ..." but the page doesn't appear.
What is the Full Transparent mode anyway?
edit:
I found some postings about the same problem. Seems the Full Transparent Proxy mode only works on bridged connections, as the traffic isn't ended on the firewall, but the proxy connects the originating webserver with the requesting client... In NAT'ed and MASQ'ed environments, this isn't possible as the originating webserver cannot see the requesting client. Sorry for this (stupid?) question...
I see that when the https proxy is on, the certificate is 'proxied' too... which seems normal, as the traffic endpoint now is the firewall, and not my browser, so it must be passed on somehow... I read the discussion that was posted here before, but was wondering if this might have any issues with banking, or other certificate related websites we know of?
Or better, is this to be changed (or changeable at all?), so the original certificate is passed through?
Bram
edit:
In fact, when browsing to an https:// page with the SSL scanning set to On, I get an in-between page telling me what Firefox always does with our self-signed certificates: that the Certificate is not known or signed by a known CA, and therefore cannot be trusted...
The problem is:
The page is text-only, displaying an error box for where a picture was supposed to be (I guess) and the text is very unclear... I see these messages a couple of times per day, and even I had to read it about 4 times (I scan messages like this very quickly, but this one needed several re-scan/re-reads) before I knew what was happening, and what link to click.
This could be cleaned up a bit, so it is easier to understand... Maybe buttons like the options in FF3 giving the option 'I DO want to go further' and 'Get me out of here'...?
Just an idea...
Extra:
When enabling the "Remove Embedded Objects (ActiveX/Java/flash)", that doesn't seem to do that much. The proxy here is set in 'normal' Transparent Mode, as it always has been, and my Flash 10 based radio player (StuBru) still works...