Re: [squid-users] HTTPS &Reverse proxy

From: Adam Lang <aalang@dont-contact.us>
Date: Wed, 18 Apr 2001 11:26:59 -0400

Well, sort of. It would act exactly as it would when it normally runs as an
accelerator. Just now you have a secure connection between the client and
the accelerator.

Adam Lang
Systems Engineer
Rutgers Casualty Insurance Company
http://www.rutgersinsurance.com
----- Original Message -----
From: "Kieran Skinner" <kieran.skinner@xal.co.uk>
To: "Adam Lang" <aalang@rutgersinsurance.com>
Cc: "Squid Users" <squid-users@squid-cache.org>
Sent: Wednesday, April 18, 2001 10:22 AM
Subject: RE: [squid-users] HTTPS &Reverse proxy

> So in that situation Squid would act as a kind of transparant proxy,
> accelerator. You could use some redirector to get pages form the
> appropriate server?
>
> -----Original Message-----
> From: Adam Lang [mailto:aalang@rutgersinsurance.com]
> Sent: 18 April 2001 15:20
> Cc: Squid Users
> Subject: Re: [squid-users] HTTPS &Reverse proxy
>
>
> That is what I was thinking, but I think I understand what Henrik is
saying.
>
> Say in your DMZ you have a webserver and a squid accelorator. Squid talks
> to the webserer in normal HTTP, but Squid is configured to talk to the
> clients in HTTPS.
>
> So, between squid and webserver it is "unsecure", but it is in your
private
> network, so it is ok. But the client requests pages from Squid using SSL,
> so it is secure going over the internet.
>
> What would be nice about this scenario, if I understand correctly, would
be
> a situation if you have three webservers in your DMZ and one squid machine
> configured as an HTTPS endpoint. Instead of configuring each webserver
with
> SSL, you just have to configure Squid. Squid handles the security between
> itself and the client (which travels over the internet) and squid talks to
> the webserver (which travels over your private network). You get three
SSL
> webservers with the configuration of one proxy.
>
> Adam Lang
> Systems Engineer
> Rutgers Casualty Insurance Company
> http://www.rutgersinsurance.com
> ----- Original Message -----
> From: "Balu" <balu_2003@yahoo.com>
> To: "Henrik Nordstrom" <hno@hem.passagen.se>; "jack" <sa_jill@yahoo.co.uk>
> Cc: "Squid Users" <squid-users@squid-cache.org>
> Sent: Wednesday, April 18, 2001 2:29 PM
> Subject: Re: [squid-users] HTTPS &Reverse proxy
>
>
> > Hello,
> >
> > In this scenario that is as you have said
> >
> > 1) HTTPS->squid->HTTP-origin server(There is no security)
> >
> > If the origin server runs SSL mode.Then it won't accept the HTTP
request?
> >
> > Is it possible in this scenario for squid to cache the page.
> >
> > If I am wrong educate me.
> >
> > Thanks,
> > -Balu.
> >
> > ----- Original Message -----
> > From: Henrik Nordstrom <hno@hem.passagen.se>
> > To: jack <sa_jill@yahoo.co.uk>
> > Cc: Squid Users <squid-users@squid-cache.org>
> > Sent: Monday, April 16, 2001 7:07 PM
> > Subject: Re: [squid-users] HTTPS &Reverse proxy
> >
> >
> > > Partially if using Squid-2.5 a current Squid-2.5 snapshot version. In
> > > the current development version there is https->http gatewaying
support,
> > > meant to be used by accelerators. In this setup Squid acts as the SSL
> > > endpoint, and then uses plain HTTP to fetch the objects from the
backend
> > > servers.
> > >
> > > Using client certificates is not yet possible. Contributions or ideas
> > > how to support client certificates are welcome (any suggestions should
> > > be sent to squid-dev@squid-cache.org).
> > >
> > > --
> > > Henrik Nordstrom
> > > Squid Hacker
> > >
> > >
> > > jack wrote:
> > > >
> > > > Hi All,
> > > >
> > > > Can I configure squid to act as web accelerator for HTTPS enabled
> > > > site......?
> > > >
> > > > Thanks,
> > > > Jack.
> >
> >
> > _________________________________________________________
> > Do You Yahoo!?
> > Get your free @yahoo.com address at http://mail.yahoo.com
Received on Wed Apr 18 2001 - 09:24:11 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:59:22 MST