On Monday 17 January 2005 12:08, Wouter Verhelst wrote:
> Are the things you want to send through the proxy delimited by the
> network they appear on? e.g., you want traffic for the 'Net to go
> through the proxy, but want to keep traffic for your local LAN as direct
> traffic? If so, then transparent proxying should work perfectly for you.

No, actually what I want to do is provide a bit of security in a hostile network environment. Let's say we have a user who wants to check his web-based email (Yahoo, Hotmail, etc.) that doesn't offer SSL, and there's a high possibility that the network is being monitored by Unfriendlies. The second problem is that said user could potentially desire to visit any website where he would be handing over passwords, credit card numbers, etc., so building a "whitelist" of servers, as some have suggested.

My attempt at a solution is to provide a secure https server that acts as a proxy; all traffic from, say, Hotmail, would be encrypted by the server before being passed on to the user, but at the user's discretion, rather than my direct intervention. However, since my bandwidth is not unlimited, and since there's no point in encrypting _everything_, I don't want everything to go through the server.

Several people have mentioned CGIProxy, which almost fits the bill, except that sites that require JavaScript can be problematic. Plus, it's horribly slow. However, in the absence of any other alternative, it's all that I've got.

:Peter