Here's my situation:
I have an internal IP network that offers no internet connectivity. But I
do want to allow clients on this internal network access to only, say, 2
external web sites, such as
http://blah.company.com/
https://secureblah.company.com/
I have complete control over the DNS on this internal network, so I am able
to point blah.company.com and secureblah.company.com at a squid that does
have external connectivity.
I know that what I am describing so far is just a reverse proxy. But -- in
the case of the https server, I need SSL negotiation to happen between the
client and the *target* server, not between the client and the squid -- the
squid should only pass the encrypted traffic between the target and the
client. (Of course I cannot obtain a valid cert for secureblah.company.com,
so I must allow the browser to communicate directly with that server.)
I have looked at the archives for quite awhile, and I believe from what I
have read that this can be done (with squid-2.5.STABLE4 or squid3). But I
am a bit embarrassed to say that I cannot figure out the proper squid.conf
statements to make squid behave this way.
Any pointers would be much appreciated.
Received on Thu Jan 22 2004 - 04:23:01 MST
This archive was generated by hypermail pre-2.1.9 : Sun Feb 01 2004 - 12:00:08 MST