Re: Squid & https

Questions should be sent to the squid-users mailinglist.

No, the SSL traffic is encrypted between the browser and the origin
site. The only information available to the proxy (which in this context
technically isn't operating as a proxy but a tunnel) is
a) The client IP address
b) FQDN (full domain name) of the server
c) Proxy authentication provided by the user, if used.
d) Time when the connection was established and duration
e) Amount of data transferred, including encryption overhead.

--
Henrik Nordstrom
Squid hacker
Mehta, Nirav wrote:
> 
> Henrik,
>    I was told that your an authority on squid. I am thinking about using
> squid for an internal proxy however i had a few questions. I was wondering
> if you could answer them. Can you please explain how squid and https works.
> does the https request
> pass clear thru between the users's browser and the ssl endpoint(web site
> such as amazon.com). Is there a way for squid to log all the ssl
> transactions. Can squid be setup so the user connects via ssl to the
> proxy and then the proxy connects via ssl to the web site. I appreciate
> the help. Thnk you.
> 
> - Nirav Mehta
> 
> -----Original Message-----
> From: Henrik Nordstrom [mailto:hno@hem.passagen.se]
> Sent: Monday, October 09, 2000 7:16 PM
> To: James Fung
> Cc: squid-users@ircache.net
> Subject: Re: [SQU] missing-http-ident ?
> 
> James Fung wrote:
> >
> > Hello all,
> >
> >         Has anyone else seen this problem, and perhaps more importantly,
> > does anyone know of a solution?  Going to http://www.metacrawler.com (a
> > popular search engine) and doing a search for "html java" will produce
> > the following error :
> >
> >
> ---------------------------------------------------------------------------
> > The requested URL could not be retrieved
> >
> > While trying to process the request:
> >
> > GET
> http://ad.doubleclick.net/adj/N1713.go2net/B23532.9;abr=!ie;sz=468x60;[
> > keyword];ord=35687 HTTP/1.0
> > Proxy-Connection: Keep-Alive
> > User-Agent: Mozilla/4.75 [en] (X11; U; Linux 2.2.16 i686; Nav)
> 
> [...]
> >         At the same time this error message appears, a
> "missing-http-ident"
> > appears in the Squid logs.  It looks like there's a carriage return in the
> > URL which is causing Squid grief.  Is there a way to tell Squid to ignore
> > the CR?
> 
> AFAIK Squid ignores CR (just another form of whitespace), but it does
> not ignore NL.
> 
> NL is part of the HTTP protocol and cannot be ignored.
> 
> What can be done is to work around the issue by changing Squid to
> support HTTP/0.9. However, the HTTP/0.9 support is hidden in the sources
> and slightly broken for the moment...
> 
> This error is quite often seen with JavaScrip driven ad-banners and
> similar things...
> 
> --
> Henrik Nordstrom
> Squid hacker
> 
> --
> To unsubscribe, see http://www.squid-cache.org/mailing-lists.html
--
To unsubscribe, see http://www.squid-cache.org/mailing-lists.html