Re: [squid-users] Anonymous SSL Tunneling Proxy

From: Christoph Haas <email@dont-contact.us>
Date: Fri, 9 May 2003 22:39:45 +0200

On Fri, May 09, 2003 at 12:50:25PM -0700, Jeremy Junginger wrote:
> Is it possible to set up the following with SQUID:
>
> A proxy that uses an SSL connection to tunnel http traffic from the
> client to the proxy server such that the proxy passes the http traffic
> on to the web server?
>
> Client<---ssl--->Squid(SSL)<---http--->www.whatever.com

You can't do that with squid alone. There are however commercial proxy
applications that you can use in combination with Squid. That way you will
have something like:

client<--https-->sslproxy1<--http-->squid<--http-->sslproxy2<--https-->server

sslproxy1 is an instance which receives the SSL traffic and pretends to
be the destination server. It then decodes the request, tunnels it
through squid, and encrypts it at sslproxy2 to send a https request to
the server. You would be able to use squid for controlling and caching
web traffic although the user assumes he/she is using a secured
connection.

I'm planning on introducing such a solution in the next months because I
know there is a bunch of users who misuse the squid port 443 to tunnel
VNC and SSH connections to their home PCs. And I want to make sure that
in the future this proxy only does HTTP and nothing else.

Drawbacks:
 - you will see traffic on the traffic which may not be meant for you
   (your users will not enjoy you tracing their home banking actions)
 - you will need to tell the sslproxy how to handle certificates
   (the user will no longer be able to choose whether he accepts the
   certificate or not - the 'sslproxy2' instance will have to do this).

 Christoph

-- 
~
~
".signature" [Modified] 3 lines --100%--                3,41         All
Received on Fri May 09 2003 - 14:39:50 MDT
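
The tunnel misuse described in the message (VNC and SSH carried over the proxy's port 443) can be recognised from the first bytes the client sends through the tunnel. The following is an added example, not part of the original post and not Squid code; the function names and all sample byte strings are constructed for illustration.

```python
"""Classify the first bytes a client sends through a proxy tunnel to port 443."""

HTTP_METHODS = {b"GET", b"POST", b"HEAD", b"PUT", b"DELETE", b"OPTIONS", b"CONNECT"}


def classify_first_bytes(data: bytes) -> str:
    """Return 'ssh', 'vnc', 'http', 'tls', 'incomplete' or 'unknown'."""
    # SSH identification string (RFC 4253): "SSH-protoversion-softwareversion".
    if data.startswith(b"SSH-"):
        return "ssh"
    # RFB (VNC) ProtocolVersion message: exactly 12 bytes, "RFB xxx.yyy\n".
    if (len(data) >= 12 and data.startswith(b"RFB ")
            and data[7:8] == b"." and data[11:12] == b"\n"):
        return "vnc"
    # Cleartext HTTP request line: "<METHOD> <target> ...".
    parts = data.split(b" ", 1)
    if len(parts) == 2 and parts[0] in HTTP_METHODS:
        return "http"
    # A TLS check needs the 5-byte record header plus the handshake type byte.
    if len(data) < 6:
        return "incomplete"
    # TLS record: type 0x16 (handshake), major version 0x03, 2-byte length,
    # then handshake type 0x01 (ClientHello).
    record_len = int.from_bytes(data[3:5], "big")
    if (data[0] == 0x16 and data[1] == 0x03 and data[5] == 0x01
            and 4 <= record_len <= 16384):
        return "tls"
    return "unknown"


def tunnel_allowed(data: bytes) -> bool:
    """Policy assumed here: only a TLS ClientHello may pass on port 443."""
    return classify_first_bytes(data) == "tls"


# Constructed samples (not captured traffic).
SAMPLES = {
    "ssh client": b"SSH-2.0-ExampleClient_1.0\r\n",
    "vnc client": b"RFB 003.003\n",
    "tls client": b"\x16\x03\x01\x00\x2f\x01\x00\x00\x2b\x03\x03" + b"\x00" * 8,
    "plain http": b"GET / HTTP/1.0\r\n\r\n",
}

if __name__ == "__main__":
    for name, first_bytes in SAMPLES.items():
        verdict = "allow" if tunnel_allowed(first_bytes) else "deny"
        print(f"{name:11s} -> {classify_first_bytes(first_bytes):5s} {verdict}")
```

A check like this only looks at the opening bytes; an SSL-terminating proxy as described in the message enforces the same policy implicitly, because anything that is not a TLS handshake fails at sslproxy1.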