Re: [squid-users] SSL and Squid

From: Michael Puckett <Michael.Puckett@dont-contact.us>
Date: Wed, 06 Jun 2007 16:05:32 -0700

Henrik Nordstrom wrote:
> ons 2007-06-06 klockan 10:26 -0700 skrev Michael Puckett:
>
>> I have a 2 level squid setup. Several top level parent cache servers
>> which connect to the internet with multiple child servers supporting my
>> internal subnets. Is it possible to configure the top level servers to
>> use SSL over the internet and cache the objects locally while allowing
>> the child servers to operate internally with no SSL requirement?
>>
>
> Yes, but with limitations.
>
> a) If your clients sends https:// URLs to Squid using HTTP (not CONNECT)
> then the Squid closest to the origin server will wrap them up in SSL.
>
The intention would be that the clients should not even know that the
top level was using SSL to the origin servers. The clients would make a
regular http:// access. Of course, if the client does use https://
accesses then the CONNECT tunneling through the cache servers would be
expected.
> b) For selected sites you can have Squid act as an accelerator, so that
> eve if the client requests http://some.site/ squid will still wrap the
> request in SSL. See the cache_peer (and cache_peer_access) directive.
>
What do you mean by "act as an accelerator"? Just the regular proxy
caching? If so , this sounds like what I am after.
> c) It's also possible to do 'b' by using an url rewriter/redirector to
> rewrite the request from http:// to https:// on the fly.
>
What would be the advantage of using a url rewriter?

Best regards,

-mikep
Received on Wed Jun 06 2007 - 17:05:46 MDT

This archive was generated by hypermail pre-2.1.9 : Sun Jul 01 2007 - 12:00:04 MDT