[squid-users] Transparent SSL tunneling

From: Gordan Bobic <gordan@dont-contact.us>
Date: Tue, 11 Sep 2001 14:26:04 +0100 (BST)

Hi.

Is there any way to accomplish this? As far as I can understand, at least
in the HTTP case, the ability to do transparent proxying implies the
ability to do transparent acceleration.

Basically, I have a setup where there is 1 live IP address, and multiple
live servers on private IPs. A local DNS server overrides the global names
for those servers, and points them to the local addresses where the
servers reside.

Squid in accelerator mode accomplishes this wonderfully. However, I now
also need to add SSL/HTTPS support to some of the servers. I have told
squid to listen on port 443 and redirected all port 443 traffic to it, in
order to test it with transparent proxying first, but it doesn't seem to
work.

I have seen it mentioned that the only way to proxy SSL is without caching,
and by doing a CONNECT tunnel straight to the actual server. I have no
problem with that, as the benefits of acceleration/caching are only
secondary here.

I have tried adding things like:

acl SSL_ports method CONNECT
always_direct allow SSL_ports

to the squid.conf file, but it doesn't help.

How can I just get squid to pass the requests on to the actual server
transparently, without any processing, other than a name/IP lookup and
forwarding of packets? What entries need to be added to squid.conf?

Regards.

Gordan
Received on Tue Sep 11 2001 - 07:26:12 MDT
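
Added illustration, not part of the original post: a CONNECT tunnel of the kind mentioned above starts with a plaintext request naming the target, whereas a client that is unaware of any proxy opens a port-443 connection directly with an SSL/TLS handshake. The Python below classifies the first bytes a listener receives; the function name and the sample byte strings are constructed for this example.

```python
import struct


def classify_first_bytes(data: bytes) -> dict:
    """Classify the opening bytes a listener receives from a client."""
    # Client configured to use a proxy: plaintext "CONNECT host:port HTTP/1.x"
    if data.startswith(b"CONNECT "):
        line = data.split(b"\r\n", 1)[0].decode("ascii", "replace")
        parts = line.split(" ")
        if len(parts) == 3 and parts[2].startswith("HTTP/"):
            host, _, port = parts[1].rpartition(":")
            if host and port.isdigit():
                return {"kind": "http-connect", "host": host, "port": int(port)}
        return {"kind": "malformed-connect"}
    # SSLv3/TLS record header: type 0x16 (handshake), version 3.x,
    # 2-byte length, then handshake type 0x01 (ClientHello).
    if len(data) >= 6 and data[0] == 0x16 and data[1] == 0x03:
        (record_len,) = struct.unpack("!H", data[3:5])
        if data[5] == 0x01:
            return {"kind": "tls-client-hello", "minor": data[2],
                    "record_len": record_len}
        return {"kind": "tls-handshake-other"}
    # SSLv2-compatible hello: 2-byte header with the high bit set,
    # followed by message type 0x01 (CLIENT-HELLO).
    if len(data) >= 3 and data[0] & 0x80 and data[2] == 0x01:
        return {"kind": "sslv2-client-hello"}
    return {"kind": "unknown"}


# Constructed samples (truncated after the fields the classifier reads).
CONNECT_SAMPLE = b"CONNECT www.example.com:443 HTTP/1.0\r\n\r\n"
TLS_SAMPLE = bytes([0x16, 0x03, 0x01, 0x00, 0x2F, 0x01, 0x00, 0x00, 0x2B])
SSL2_SAMPLE = bytes([0x80, 0x2E, 0x01, 0x03, 0x00])

if __name__ == "__main__":
    for name, sample in [("proxy-aware client", CONNECT_SAMPLE),
                         ("redirected client (TLS)", TLS_SAMPLE),
                         ("redirected client (SSLv2 hello)", SSL2_SAMPLE)]:
        print(name, "->", classify_first_bytes(sample))
```

Only the CONNECT case carries the destination host name in plaintext; in the handshake cases the listener sees no HTTP request line at all.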
