RE: [squid-users] RE: Squid Accelerator and SSL

From: Brian Peterson <bpeterson@dont-contact.us>
Date: Fri, 6 Feb 2004 17:56:42 -0800

What I think you want is Squid as an SSL Accelerator, and the Webserver on
the back end running unsecure.

Load the Cert and Key in the squid.conf, squid -k reconfigure, and run from
there.

See also FAQ Section 19.

Brian Peterson
If it's there and you can see it - it's REAL
If it's there and you can't see it - it's TRANSPARENT
If it's not there and you can see it - it's VIRTUAL
If it's not there and you can't see it - it's GONE

> -----Original Message-----
> From: Kent, Mr. John (Contractor) [mailto:kent@nrlmry.navy.mil]
> Sent: Friday, February 06, 2004 5:32 PM
> To: Henrik Nordstrom
> Cc: Squid_Users (E-mail)
> Subject: [squid-users] RE: Squid Accelerator and SSL
>
>
> Greetings,
>
> I downloaded and installed Squid3.0 and it works!
>
> I can redirect to a backend server running https and the
> web pages come up fine.
>
> The problem I now have is that the accelerator works
> perfectly and hides
> the fact that the client is connecting to an https server.
>
> Somehow I don't think that's what I want.
>
> Is there a way to hide all redirections from the clients'
> browsers except those
> going to an https server?
>
> Doesn't the Client need to "see" https in the URL in order to
> securely transmit a
> password for instance?
>
> I guess the only way to handle this is to have a hyperlink on
> a page directly to
> the https server and bypass Squid altogether.
>
> If this shows a gross ignorance of the process, I confess.
> Perhaps someone can set me straight.
>
> Thank you,
> John Kent
>
>
> -----Original Message-----
> From: Henrik Nordstrom [mailto:hno@squid-cache.org]
> Sent: Friday, February 06, 2004 9:44 AM
> To: Kent, Mr. John (Contractor)
> Cc: Squid_Users (E-mail); Henrik Nordstrom (E-mail)
> Subject: Re: Squid Accelerator and SSL
>
>
> Squid-2.5.STABLE can not initiate SSL connections, only accept SSL
> connections.
>
> To initiate SSL connections you need the SSL update patch from
> devel.squid-cache.org, or Squid-3.
>
> Regards
> Henrik
>
> On Fri, 6 Feb 2004, Kent, Mr. John (Contractor) wrote:
>
> >
> > Greetings,
> >
> > I am using Squid as a front-end accelerator on top of a server farm.
> > Wanted to re-direct to an https enabled Apache Server.
> > Squid is in a "DMZ" and talks to the server farm through a firewall.
> > The Apache server was set up independently of Squid, by which I mean
> > I created the keys and certificates for it only.
> >
> > It works fine when accessed directly.
> >
> > Per the FAQ, I rebuilt my Squid enabling ssl
> >
> > ./squid -v now gives =
> > >Squid Cache: Version 2.5.STABLE4
> > configure options: --prefix=/users/webuser/www_squid --enable-storeio=diskd,ufs --enable-ssl --with-openssl=/usr/lib
> >
> > When the redirection occurs get the following error page from Squid:
> >
> > ERROR
> > The requested URL could not be retrieved
> >
> > While trying to retrieve the URL: <https://xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxl>
> > The following error was encountered:
> > * Unsupported Request Method and Protocol
> > Squid does not support all request methods for all access protocols. For
> > example, you can not POST a Gopher request.
> >
> > Clicking on the "trying to retrieve" URL above works fine.
> >
> > Any suggestions?
> >
> > Obviously I'm missing a great deal here.
> > If there is more information that I have failed to read, I accept all
> > criticism, but would appreciate the link to
> > the applicable reference.
> >
> > Thank you,
> >
> > John Kent
> > Webmaster
> > Naval Research Laboratory
> > Monterey, CA
> > http://www.nrlmry.navy.mil
> >
> >
> >
>

Received on Fri Feb 06 2004 - 19:15:36 MST
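
Added example (not part of the original messages or of the Squid documentation): a squid.conf sketch of the SSL accelerator setup described in the reply above, written in Squid 3.x-era directive syntax. The hostname, address and file paths are placeholders, and Option B is the re-encrypting alternative that, per the quoted message, needs Squid-3 or the SSL update patch.

```conf
# Constructed example; hostname, address and paths are placeholders.

# Client-facing listener: Squid terminates SSL here, so the browser
# still shows an https:// URL and validates the certificate loaded below.
# The key file should be readable only by the Squid user.
https_port 443 accel defaultsite=www.example.com cert=/etc/squid/ssl/www.example.com.crt key=/etc/squid/ssl/www.example.com.key

# Option A (as in the reply): the back-end web server speaks plain HTTP.
# The Squid-to-backend hop is unencrypted, so keep it on a trusted segment.
cache_peer 192.0.2.10 parent 80 0 no-query originserver name=backend

# Option B: re-encrypt to an https back end (requires a Squid that can
# initiate SSL connections). Use instead of Option A, not alongside it.
# cache_peer 192.0.2.10 parent 443 0 no-query originserver ssl name=backend

# Accept requests only for the published site and pin them to the peer,
# so the accelerator cannot be used as an open proxy.
acl our_site dstdomain www.example.com
http_access allow our_site
http_access deny all
cache_peer_access backend allow our_site
cache_peer_access backend deny all
never_direct allow our_site
```

Running `squid -k parse` checks the file before `squid -k reconfigure` applies it.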

This archive was generated by hypermail pre-2.1.9 : Mon Mar 01 2004 - 12:00:02 MST