Re: [squid-users] Squid use SSL ALWAYS?

From: Aaron Gray <aaronmgray@dont-contact.us>
Date: Wed, 28 Jun 2006 13:59:56 -0700

It sounds like based on what you said, I should look into stunnel. My basic
reason behind this is that some places I go, they are still able to sniff
the traffic and determine what it is I am doing. My Squid proxy server is
in a co-lo so I am not concerned about the squid server to the website, only
squid to my desktop client traffic. I want all that to appear as jibberish
encrypted gabbledygook (thats a technical term!) :P

thanks

On 6/28/06, Chris Robertson <crobertson@gci.net> wrote:
>
> Aaron Gray wrote:
>
> > I have squid working perfectly as a caching proxy server.
> > If I access my squid proxy server from a network that has some kind of
> > "sniffing" software, they can see the headers are HTTP headers (even
> > though
> > it is on a weird port) and still identify where your going and read
> > all the
> > plain text HTML.
> >
> > Is there any way to make it so that when I connect to the squid proxy
> and
> > authenticate (which I require based on my ACL) that it creates a SSL
> > connection (or something similar) to where all traffic is encrypted
> > even if
> > the destination page is not a https website? I want to hide the plain
> > text.
> >
> You can certainly encrypt the traffic between the client and Squid (look
> into stunnel, http://www.stunnel.org/), but encrypting between Squid and
> a non-SSL (HTTPS) server is not possible. If you just want to encrypt
> the authentication, look into using digest.
>
> Chris
>
Received on Wed Jun 28 2006 - 15:00:00 MDT

This archive was generated by hypermail pre-2.1.9 : Sat Jul 01 2006 - 12:00:02 MDT