HTTPS/SSL Redirection over NAT dan WWW Proxy

[ng.anton]

Hi,

I've been using WinGate for a few years and actually I've been having this problem since then. I'm setting up the WinGate Server to be used over NAT by my LAN users. And I'm redirecting their Web access to a WWW Proxy Server using Sessions|Transparent Proxy. I have problem to redirect their HTTPS/SSL access, even after I put the settings in Https page. On the transparent proxy, if I only put port 80, the packet from client will be blocked by the Firewall. After I add port 443 on the transparent proxy, the client still cannot access the HTTPS/SSL site. I had to remove the port 443 from transparent proxy and add a new TCP Mapping Service to redirect port 443 to allow my LAN users to access the HTTPS/SSL. The problem with this approach is WinGate cannot log the server name in the log files, only the IP address of the server is logged, so instead of https://secured.server.com, 69.45.34.1 is logged.

How do I setup WinGate for this purposes? Thanks for any input.

Regards,
Anton

[logan]

Hi Anton,

This actually isn't a bug. The reason HTTPS requests are encrypted with SSL is to prevent any hosts other than the intended destination host from reading the contents of the request. Because WinGate comes under the heading of 'other host' and 'not the intended destination host', WinGate cannot read the contents of HTTPS request, and so, will not know what to do with any HTTPS requests that it intercepts.

If you require that HTTPS traffic traverse the WWW Proxy Server, then you can set the HTTPS proxy setting in your client browsers. When the client is configured to use an proxy for HTTPS traffic, it will leave enough headers unencrypted so the the proxy server knows what it is meant to do with the request. The contents of the request will still be encrypted though and the proxy won't be able to read that.