Re: Re: [squid-users] Squid as SSL ReverseProxy - SSL Gateway or however you wanna call it

From: Henrik Nordstrom <hno@dont-contact.us>
Date: 26 Mar 2003 18:02:56 +0100

The 2.5 version of the ssl update patch is currently for 2.5.STABLE2.

None of the development patches are included in 2.5.STABLE2, only the
bugfixes listed on http://www.squid-cache.org/Versions/v2/2.5/bugs/

Regards
Henrik

On Wed 2003-03-26 at 15:46, sebastian.nell@bgs-ag.de wrote:
> Hi!
> Thanks so far, I couldn't apply the ssl_update to 2.5 Stable1 but I used
> Squid 2.5 Stable2 because somewhere
> it said that all patches for Stable1 are included there!
> After the installation I included a little rewrite cgi into the squid.conf
> which rewrites the incoming request like :
> https://localserver into https://192.168.1.1 but I still get the error
> message Bad Request ...
> What am I doing wrong?
> Is there a usable version of Squid 3 out yet?
>
> Thanks again for your support
> greetz
> Sebastian Nell
>
> Henrik Nordstrom <hno@squid-cache.org> on 26.03.2003 12:42:46
>
> To: sebastian.nell@bgs-ag.de
> Cc: squid-users@squid-cache.org
> Subject: Re: [squid-users] Squid as SSL ReverseProxy - SSL Gateway or
> however you wanna call it
>
>
> Squid-2.5 does not support this out of the box.
>
> With the SSL update patch for Squid-2.5 it gets somewhat possible by
> defining the internal server as a ssl enabled cache_peer (works with
> most web servers) or using a redirector to rewrite the accelerated URLs
> into https://... (works with all web servers)
>
>
> Squid-3 will support such configuration directly, and is significantly
> easier to configure than Squid-2.5 + ssl_update.
>
>
> In both cases the https:// request is proxied by Squid, meaning that
> there is one SSL tunnel between the client and Squid, and another SSL
> tunnel between Squid and the web server, with Squid decrypting and then
> re-encrypting the traffic in the middle.
>
> If what you want is a SSL tunnel between the client and the internal
> server then you need to use a tcp plug or port forwarding.
>
> Regards
> Henrik
>
>
> On Wed 2003-03-26 at 09:58, sebastian.nell@bgs-ag.de wrote:
> > Hi!
> >
> > I have been reading through this mailing list quite a while and have
> > stumbled over a lot of
> > Posts concerning Squid and SSL but not an answer to what I really need.
> > What I need is a SSL Connection on both sides of Squid
> >
> > Client < -----SSL---- > Squid < ----- SSL ----- > Internal Server
> >
> > I know that this question has been asked quite often and there were people
> > who said
> > it works, some said it doesn't, but there has never been a "real" answer
> > or an example
> > concerning whether it is possible or not!
> >
> > My Squid.conf looks like this (using Squid 2.5 stable1):
> >
> > http_port 172.16.3.131:80
> > https_port 172.16.3.131:443 cert=squid_cert.pem key=squid_key.pem
> > ...
> > acl all src 0.0.0.0/0.0.0.0
> > acl manager proto cache_object
> > acl localhost src 127.0.0.1/255.255.255.255
> > acl to_localhost dst 127.0.0.0/8
> > acl allowed_hosts src 192.168.1.1/255.255.255.0
> > acl SSL_ports port 443 563
> > ...
> > acl CONNECT method CONNECT
> > ...
> > redirect_rewrites_host_header off
> >
> >
> > http_access allow manager localhost
> > http_access deny manager
> > http_access allow allowed_hosts
> > http_access deny all
> > http_access allow CONNECT !SSL_ports
> > http_access allow CONNECT
> > ...
> > acl our_networks src 192.168.1.0/24 192.168.4.0/24
> > http_access allow our_networks
> > http_reply_access allow all
> > ...
> > httpd_accel_port 443
> > httpd_accel_host virtual
> > httpd_accel_single_host off
> > httpd_accel_with_proxy off
> > httpd_accel_uses_host_header on
> > ....
> >
> > And at my /etc/hosts I added an entry
> >
> > 192.168.1.10 localserver
> >
> > When I try to access localserver through Squid and https I get the error
> > Message
> > "Error- Bad Request This web server is running in SSL mode. Try the URL
> > https:://pc352:443/ instead."
> >
> > pc352 is the computer name of localserver.
> >
> > How do I get SSL to work from Squid to the localserver?
> >
> > I would be more than thankful if someone could help me out on this one!
> >
> > THX
> >
> > Sebastian
> >
> > *******************************************
> > Beratungsgesellschaft
> > Software Systemplanung AG
> > Registered office: Mainz
> > Rhein/Main branch
> > Robert-Koch-Straße 41
> > 55129 Mainz
> > Phone: 06131 914-0 (-166), Fax -400
> > E-Mail: Sebastian.Nell@bgs-ag.de
> > web: www.bgs-ag.de
> > ********************************************
> --
> Henrik Nordstrom <hno@squid-cache.org>
> MARA Systems AB, Sweden
>
>

-- 
Henrik Nordstrom <hno@squid-cache.org>
MARA Systems AB, Sweden
Received on Wed Mar 26 2003 - 10:03:07 MST
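
The redirector approach mentioned in the quoted reply ("using a redirector to rewrite the accelerated URLs into https://"), as an added example that is not part of the original thread or of Squid's own code. It assumes the Squid 2.x redirector line format (URL, client ip/fqdn, ident, method, one request per line, one reply line each) and a hypothetical BACKENDS allowlist built from the thread's sample host.

```python
#!/usr/bin/env python3
import sys
from urllib.parse import urlsplit, urlunsplit

# Assumption: allowlist of accelerated host names that must be fetched
# over SSL, mapped to the backend address ("host" or "host:port").
# Constructed from the sample values quoted in the thread.
BACKENDS = {"localserver": "192.168.1.10"}


def rewrite(line):
    """Return the reply for one request line written by Squid.

    Reply is the replacement URL, or an empty string meaning
    "leave the request unchanged".
    """
    fields = line.split()
    if not fields:
        return ""
    try:
        parts = urlsplit(fields[0])
    except ValueError:
        return ""  # malformed URL (e.g. broken IPv6 literal): do not touch
    host = (parts.hostname or "").lower()
    # Only rewrite hosts we explicitly accelerate; anything else passes
    # through so the helper can never point Squid at an arbitrary target.
    if parts.scheme not in ("http", "https") or host not in BACKENDS:
        return ""
    # The original port is dropped on purpose: the backend netloc from
    # BACKENDS decides where the https:// request goes.
    return urlunsplit(
        ("https", BACKENDS[host], parts.path or "/", parts.query, "")
    )


def main():
    for line in sys.stdin:
        sys.stdout.write(rewrite(line) + "\n")
        sys.stdout.flush()  # Squid blocks on every reply; never buffer


if __name__ == "__main__":
    main()
```

The helper is attached in squid.conf with the redirect_program directive, pointing at wherever the script is installed.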
