Re: [squid-users] Is "https_port" required for transparent (reverse) proxying?

From: Matus UHLAR - fantomas <uhlar@dont-contact.us>
Date: Fri, 2 Dec 2005 11:37:32 +0100

On 01.12 10:56, Tim Neto wrote:
> Okay, so the terminology is no longer "transparent" and instead I should
> use "intercepting".
>
> Here is what I have:
>
> -------------- -----------------
> ---------------------
> | Client | Internet | Firewall host |
> Internal Network | Secure Web |
> | Computer | <--------------->| with IPtables
> |<----------------------->| Server (https) |
> | | | and Squid
> | | port 80 and 443 |
> -------------- -----------------
> ---------------------

sorry I can't read this. Do you use fixed-width font for text e-mail?
(you should).

> The trouble we are having is Squid is not passing the https traffic through.

Do you need squid pass the https traffic through?
Wouldn't be enough if it accepted HTTPS trafic and forwarded it as HTTP?
(this usually means reverse proxy and it's its usual use)

And, again, the proxy does not need to be intercepting - it's useless.

> So the question remains, how do I pass HTTPS traffic from the open
> Internet to my internal web server using Squid 2.5STABLE11?

Just direct https traffic to proxy and configure it to forward requests to
correct host (using squid hosts table).

-- 
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
It's now safe to throw off your computer.
Received on Fri Dec 02 2005 - 03:37:37 MST

This archive was generated by hypermail pre-2.1.9 : Sat Dec 31 2005 - 12:00:02 MST