Re: [squid-users] Outbound http -> https gateway

From: Henrik Nordstrom <henrik@dont-contact.us>
Date: Mon, 05 Feb 2007 23:51:22 +0100

Mon 2007-02-05 at 16:47 -0500, Steve Kapp wrote:
> We need an HTTP->HTTPS translator so that internal network traffic may stay
> unencrypted, a requirement from some of our customers. I have seen this
> question asked previously about squid in the archives, and the answer seems
> to be 2.5+ssl patch offers this feature, as does 3.0.
>
> Does 2.6 also support this feature?

Yes.

> Also, does anyone have a sample config file that supports this setup?

There are three ways of using this depending on what your functionality
requirements are:

a) With Squid acting as an accelerator/reverse proxy for a defined list
of sites, upgrading these sites to https. You then use the ssl option to
cache_peer to wrap the request in SSL.

b) By using an HTTP client sending https:// URLs to Squid. Squid will
then maintain the SSL on behalf of the client.

c) Using a URL rewriter helper to rewrite selected http:// URLs into
https:// per your own specifications, making Squid process the request
as an https:// request even if the client requested http://.

It's also possible to extend Squid with the capability to decrypt
CONNECT SSL proxy requests allowing inspection of https traffic. Contact
me privately if you want a quote on implementing this feature.

Regards
Henrik

Received on Mon Feb 05 2007 - 15:51:29 MST
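
Option (c) above, sketched as an added example that is not part of the original message or of Squid itself: a helper for Squid's url_rewrite_program directive that upgrades http:// URLs for listed hosts to https://. It assumes the classic line-based helper protocol (each request line starts with the URL, the reply is the new URL or an empty line for "no change") with helper concurrency disabled; UPGRADE_HOSTS and its hostnames are hypothetical.

```python
#!/usr/bin/env python3
"""URL rewriter helper sketch: upgrade selected http:// URLs to https://."""
import sys
from urllib.parse import urlsplit, urlunsplit

# Hypothetical list of sites that must be fetched over TLS by the proxy.
UPGRADE_HOSTS = {"partner.example.com", "api.example.net"}


def rewrite_url(url):
    """Return the https:// form of url if its host is listed, else None."""
    try:
        parts = urlsplit(url)
        host, port = parts.hostname, parts.port  # .port raises on garbage
    except ValueError:
        return None
    if parts.scheme.lower() != "http" or host is None:
        return None  # already https, CONNECT-style host:port, or malformed
    if "@" in parts.netloc:
        return None  # do not guess what to do with embedded credentials
    host = host.rstrip(".")
    if host not in UPGRADE_HOSTS:
        return None
    if port not in (None, 80):
        return None  # explicit non-default port: the TLS port is unknown
    return urlunsplit(("https", host, parts.path or "/", parts.query, ""))


def handle_line(line):
    """Map one request line from Squid to the reply line (no newline)."""
    fields = line.split()
    if not fields:
        return ""  # empty reply tells Squid to leave the URL unchanged
    return rewrite_url(fields[0]) or ""


def main():
    for line in sys.stdin:
        sys.stdout.write(handle_line(line) + "\n")
        sys.stdout.flush()  # Squid waits for each reply; never buffer


if __name__ == "__main__":
    main()
```

Failing closed matters here: any URL the helper does not recognise is returned unchanged, so an unlisted or malformed request is never silently sent to a different host.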
