[squid-users] RE: Squid Accelerator and SSL

From: Kent, Mr. John (Contractor) <kent@dont-contact.us>
Date: Fri, 6 Feb 2004 17:31:57 -0800


I downloaded and installed Squid3.0 and it works!

I can redirect to a backend server running https and the
web pages come up fine.

The problem I now have is that the accelerator works perfectly and hides
the fact that the client is connecting to an https server.

Somehow I don't think that's what I want.

Is there a way to hide all redirections from the clients browser's except those
going to an https server?

Doesn't the Client need to "see" https in the URL in order to securely transmit a
password for instance?

I guess the only way to handle this is to have a hyperlink on a page directly to
the https server and bypass Squid altogether.

If this shows a gross ignorance of the process, I confess.
Perhaps someone can set me straight.

Thank you,
John Kent

-----Original Message-----
From: Henrik Nordstrom [mailto:hno@squid-cache.org]
Sent: Friday, February 06, 2004 9:44 AM
To: Kent, Mr. John (Contractor)
Cc: Squid_Users (E-mail); Henrik Nordstrom (E-mail)
Subject: Re: Squid Accelerator and SSL

Squid-2.5.STABLE can not initiate SSL connections, only accept SSL

To initiate SSL connections you need the SSL update patch from
devel.squid-cache.org, or Squid-3.


On Fri, 6 Feb 2004, Kent, Mr. John (Contractor) wrote:

> Greetings,
> I am using Squid as a front-end accelerator on top of a server farm.
> Wanted to re-direct to an https enabled Apache Server.
> Squid is in a "DMZ" and talks to the server farm through a firewall.
> The Apache server was set up independently of Squid, by which I mean
> I created the keys and certificates for it only.
> It works fine when accessed directly.
> Per the FAQ, I rebuilt my Squid enabling ssl
> ./squid -v now gives =3D
> >Squid Cache: Version 2.5.STABLE4
> configure options: --prefix=3D/users/webuser/www_squid =
> --enable-storeio=3Ddiskd,ufs --enable-ssl --with-openssl=3D/usr/lib
> When the redirection occurs get the following error page from Squid:
> The requested URL could not be retrieved
> While trying to retrieve the URL: =
> <https://xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxl>=20
> The following error was encountered:=20
> * Unsupported Request Method and Protocol=20
> Squid does not support all request methods for all access protocols. For =
> example, you can not POST a Gopher request.=20
> Clicking on the "trying to retrieve" URL above works fine.
> Any suggestions?
> Obviously I'm missing a great deal here.
> If there is more information that I have failed to read, I accept all
> criticism, but would appreciate the link to
> the applicable reference.
> Thank you,
> John Kent
> Webmaster
> Naval Research Laboratory
> Monterey, CA
> http://www.nrlmry.navy.mil
Received on Fri Feb 06 2004 - 18:32:00 MST

This archive was generated by hypermail pre-2.1.9 : Mon Mar 01 2004 - 12:00:02 MST