[squid-users] SSL Over Reverse Proxy

From: Dario Dell <davedidozy@dont-contact.us>
Date: Thu, 13 Oct 2005 16:27:40 +0200

Hi,

I have got a big problem. I know that SSL with a reverse proxy is a well-known topic, but I do not know how to manage my problem. The scenario is as follows.

Notebook with SuSE 10 and Squid 2.5.STABLE10 as the reverse proxy: 192.168.5.100
Desktop PC with Windows, XAMPP Apache server: 102.168.5.200
The desktop PC is server and client, too.
Subnet is 192.168.5.0
I want to take a URL request for www.gpl.de from the desktop PC, using the reverse proxy, to get the right website from the Apache web server. The connection over HTTP is no problem, but I have absolutely no knowledge about using SSL in this case. The Apache is compiled with mod_ssl. But with the following squid.conf the HTTP request does not work. Why? Please help me. I'm a newbie. I want to have an HTTPS connection between the client and the proxy and a normal HTTP connection between the proxy and the web server.
Unfortunately, I do not know much about the small details around the topic. This is my first time doing this.

http_port 80
https_port 443 cert=/etc/squid/192.168.5.200-thl_cert.crt key=/etc/#squid/prvCA_rProxy-key.pem
ssl_unclean_shutdwon on
icp_port 0
htcp_port 0
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
redirect_rewrites_host_header off
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
#acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
# Deny requests to unknown ports
http_access deny !Safe_ports
# Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports
acl allowedhosts src 192.168.5.0/255.255.255.0
acl webserver dst 192.168.5.0/255.255.255.0
acl webports port 80
acl webports port 443
http_access allow allowedhosts
http_access deny !webserver
http_access deny !webports
#http_access allow all
# http_reply_access allow all
#
#Recommended minimum configuration:
#
# Insert your own rules here.
#

# http_reply_access allow allowedhosts
http_reply_access allow all
httpd_accel_with_proxy off
httpd_accel_uses_host_header on

I hope you can help. What should I do in detail?
Received on Thu Oct 13 2005 - 08:27:45 MDT
