Re: [squid-users] HTTPS &Reverse proxy

From: Adam Lang <aalang@dont-contact.us>
Date: Wed, 18 Apr 2001 10:19:49 -0400

That is what I was thinking, but I think I understand what Henrik is saying.

Say in your DMZ you have a webserver and a squid accelerator. Squid talks
to the webserver in normal HTTP, but Squid is configured to talk to the
clients in HTTPS.

So, between squid and webserver it is "unsecure", but it is in your private
network, so it is ok. But the client requests pages from Squid using SSL,
so it is secure going over the internet.

What would be nice about this scenario, if I understand correctly, would be
a situation where you have three webservers in your DMZ and one squid machine
configured as an HTTPS endpoint. Instead of configuring each webserver with
SSL, you just have to configure Squid. Squid handles the security between
itself and the client (which travels over the internet) and squid talks to
the webserver (which travels over your private network). You get three SSL
webservers with the configuration of one proxy.

Adam Lang
Systems Engineer
Rutgers Casualty Insurance Company
http://www.rutgersinsurance.com
----- Original Message -----
From: "Balu" <balu_2003@yahoo.com>
To: "Henrik Nordstrom" <hno@hem.passagen.se>; "jack" <sa_jill@yahoo.co.uk>
Cc: "Squid Users" <squid-users@squid-cache.org>
Sent: Wednesday, April 18, 2001 2:29 PM
Subject: Re: [squid-users] HTTPS &Reverse proxy

> Hello,
>
> In this scenario that is as you have said
>
> 1) HTTPS -> squid -> HTTP origin server (there is no security)
>
> If the origin server runs in SSL mode, then it won't accept the HTTP request?
>
> Is it possible in this scenario for squid to cache the page?
>
> If I am wrong educate me.
>
> Thanks,
> -Balu.
>
> ----- Original Message -----
> From: Henrik Nordstrom <hno@hem.passagen.se>
> To: jack <sa_jill@yahoo.co.uk>
> Cc: Squid Users <squid-users@squid-cache.org>
> Sent: Monday, April 16, 2001 7:07 PM
> Subject: Re: [squid-users] HTTPS &Reverse proxy
>
>
> > Partially, if using a current Squid-2.5 snapshot version. In
> > the current development version there is https->http gatewaying support,
> > meant to be used by accelerators. In this setup Squid acts as the SSL
> > endpoint, and then uses plain HTTP to fetch the objects from the backend
> > servers.
> >
> > Using client certificates is not yet possible. Contributions or ideas
> > how to support client certificates are welcome (any suggestions should
> > be sent to squid-dev@squid-cache.org).
> >
> > --
> > Henrik Nordstrom
> > Squid Hacker
> >
> >
> > jack wrote:
> > >
> > > Hi All,
> > >
> > > Can I configure squid to act as web accelerator for HTTPS enabled
> > > site......?
> > >
> > > Thanks,
> > > Jack.
Received on Wed Apr 18 2001 - 08:17:01 MDT
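
The three-webservers-behind-one-HTTPS-endpoint layout described in this thread, as an added configuration sketch that is not from any poster or from the Squid project. It assumes the accelerator syntax of later Squid 3.x releases rather than the 2.5 snapshot discussed; the hostname, addresses and file paths are constructed placeholders.

```conf
# Added example, Squid 3.x syntax (assumption). All names, addresses and
# paths are constructed placeholders.

# Internet-facing TLS endpoint: clients speak HTTPS to Squid only.
https_port 443 accel defaultsite=www.example.com cert=/etc/squid/tls/www.example.com.crt key=/etc/squid/tls/www.example.com.key

# Three DMZ web servers fetched over plain HTTP on port 80.
# This hop is unencrypted, so it must stay on the private segment.
cache_peer 192.0.2.11 parent 80 0 no-query originserver round-robin name=web1
cache_peer 192.0.2.12 parent 80 0 no-query originserver round-robin name=web2
cache_peer 192.0.2.13 parent 80 0 no-query originserver round-robin name=web3

# If an origin only accepts HTTPS, the peer line would instead use port 443
# with the "ssl" option, for example:
# cache_peer 192.0.2.11 parent 443 0 no-query originserver ssl name=web1

# Serve only the published site so the listener cannot be used as an
# open proxy for arbitrary destinations.
acl published_site dstdomain www.example.com
http_access allow published_site
http_access deny all

# Send the published site to the three peers and nothing else.
cache_peer_access web1 allow published_site
cache_peer_access web1 deny all
cache_peer_access web2 allow published_site
cache_peer_access web2 deny all
cache_peer_access web3 allow published_site
cache_peer_access web3 deny all

# Never fetch directly from the internet; always go through the peers.
never_direct allow all
```

Only Squid holds the certificate and private key in this layout, so restrict read access to the key file and filter the Squid-to-webserver segment so that only the proxy can reach port 80 on the backends.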

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:59:21 MST