Using Squid and Juniper PBR as a transparent proxy

Organisations can use proxy servers for various reasons, such as to restrict access to certain content, or to cache web pages and reduce internet traffic. Whatever the reason, various approaches can be used:

  • Explicitly specify a proxy server in applications such as Internet Explorer
  • Use Proxy auto-config
  • Transparently force HTTP traffic through a proxy server

This blog post will focus on the last option, transparently routing traffic through a proxy server. There are some disadvantages to this approach:

  • Authentication can’t be performed on a per-user basis as the web browser is unaware that traffic is being sent through a proxy server
  • Without having client computers trust a custom CA and performing a man-in-the-middle attack on all HTTPS traffic, SSL/TLS traffic can’t be sent through the proxy

Once implemented, this will look something like the following:

[Figure: Squid Policy Based Routing]