Re: [squid-users] SSL Accel - Reverse Proxy

From: Amos Jeffries <squid3@dont-contact.us>
Date: Sat, 03 May 2008 17:26:38 +1200

Tory M Blue wrote:
> On Fri, May 2, 2008 at 5:25 AM, Amos Jeffries <squid3@treenet.co.nz> wrote:
>
>> You made the situation clear. I mentioned the only reasonably easy
>> solution.
>> If you didn't understand me, Keith M Richad provided you with the exact
>> squid.conf settings I was talking about before.
>
>
> Obviously I have not, and I apologize.
>
> I want Squid to handle both HTTP/HTTPS (easy, implemented working for months).
>
> I want SQUID to talk to the backend server via HTTP.. period, (EASY)
>
> I want SQUID to handle the https encryption/decryption and talk to
> the origin server via http . (EASY)
>
> I want Squid to somehow inform the origin that the original request
> was in fact HTTPS (HOW, is the question at hand)
>
> I can do SSL and pass it and have squid handle the SSL without issue;
> the issue is allowing the origin insight as to the originating
> protocol, if squid accepts the client connection on 443 and sends the
> request to the origin on port 80....
>
> The issue is that I don't want my backend server to have to deal with
> ssl at all. But I have some applications that require the request be
> https (secured pages), So if Squid could pass something in the header
> citing that the original request was made via https, then my code
> could take that information, and know that sending secured data via
> non secure method is okay, since Squid will encrypt the data and send
> to the client before that data leaves my network.
>
> I had similar questions with squid sending the original http version
> information in a header, which it does. Now I'm wondering if squid
> keeps track of the original requesting protocol, so that my
> application can look at the header and decide if the original request
> came in as https (Since the origin at this point believes not, since
> squid is talking to the origin via http and talking to the client via
> https.)
>
> Sorry that I seem to be making this complicated, it totally makes
> sense in my head (: )

No worries (on our part at least).

The HTTP-only back-end requirement is a major hurdle for you.

No release of Squid has that capacity in any easy way. You will need to
add new code to Squid one way or another. Or have it added for you.

You could try coding up an ICAP adaptor for Squid 3.0+ that just adds
headers.
Or make a url-rewrite setup adding a piece to the URL the server
application receives.

>
> Tory
>
> I'm not sure how to be clearer and would be happy to email directly
> with someone, aim, or phone

Amos

-- 
Please use Squid 2.6.STABLE20 or 3.0.STABLE5
Received on Sat May 03 2008 - 05:25:55 MDT
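
The url-rewrite approach suggested in the reply, sketched as an added example (not part of the original thread and not Squid project code): a `url_rewrite_program` helper that marks requests Squid received over HTTPS and strips any client-supplied copy of the marker, so a plain-HTTP client cannot fake it. Assumptions: the classic one-line-per-request helper protocol (URL first, blank reply meaning "no change"), Squid handing the helper an `https://` URL for requests accepted on `https_port`, and the hypothetical parameter name `_orig_proto`.

```python
#!/usr/bin/env python3
"""Squid url_rewrite_program helper: tag requests that arrived over HTTPS."""
import sys
from urllib.parse import urlsplit, urlunsplit, unquote_plus

# Hypothetical marker name; the origin application must look for the same one.
MARKER = "_orig_proto"


def tag_url(url):
    """Return url with a trustworthy marker: present only if scheme is https."""
    parts = urlsplit(url)
    kept = []
    for seg in parts.query.split("&"):
        if not seg:
            continue
        # Compare the decoded key so "%5Forig_proto=https" is caught too.
        key = unquote_plus(seg.split("=", 1)[0]).lower()
        if key != MARKER:
            kept.append(seg)  # keep other parameters byte-for-byte
    if parts.scheme == "https":
        kept.append(MARKER + "=https")
    return urlunsplit(parts._replace(query="&".join(kept)))


def rewrite_line(line):
    """Handle one helper request line; '' tells Squid to leave the URL alone."""
    fields = line.split()
    if not fields:
        return ""
    new_url = tag_url(fields[0])
    return "" if new_url == fields[0] else new_url


if __name__ == "__main__":
    # Squid writes one request per line and waits for one reply per line,
    # so every answer must be flushed immediately.
    for request in sys.stdin:
        sys.stdout.write(rewrite_line(request) + "\n")
        sys.stdout.flush()
```

The origin should treat the marker as meaningful only when the connection comes from the Squid host, since anything that can reach the back-end directly can set the parameter itself.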
