Joe Cooper wrote:
> I should point out that Henrik explained how it could be implemented,
> but it would require significant programming to do it. It's not a
> simple configuration change. So may not be worth searching for, except
> for further illumination of the topic.
I would not say a significant amount of programming is required.
There is two possible paths in implementing SSL interception in Squid
(or in fact, any TCP interception where Squid only tunnels the traffic
without caring what it contains).
1. Implement a frontend that sits infront of Squid, translating the TCP
connections into HTTP CONNECT proxy requests.
2. Implement one additional listen port in Squid which performs the
above mentioned translation inline, quite similar to how transparent
HTTP proxying is performed for HTTP/1.0 requests (those carrying no Host
header), except for the small fact that no parsable data besides the
client IP and destination IP is available..
Regards
Henrik Nordström
Squid Hacker
Received on Fri Oct 05 2001 - 15:37:47 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:02:37 MST