Re: [squid-users] SSL Accel - Reverse Proxy

From: Amos Jeffries <squid3@dont-contact.us>
Date: Sat, 03 May 2008 17:32:03 +1200

Amos Jeffries wrote:
> Tory M Blue wrote:
>> On Fri, May 2, 2008 at 5:25 AM, Amos Jeffries <squid3@treenet.co.nz>
>> wrote:
>>
>>> You made the situation clear. I mentioned the only reasonably easy
>>> solution.
>>> If you didn't understand me, Keith M Richad provided you with the exact
>>> squid.conf settings I was talking about before.
>>
>>
>> Obviously I have not, and I apologize.
>>
>> I want Squid to handle both HTTP/HTTPS (easy, implemented working for
>> months).
>>
>> I want SQUID to talk to the backend server via HTTP.. period, (EASY)
>>
>> I want SQUID to handle the https encryption/decryption and talk to
>> the origin server via http . (EASY)
>>
>> I want Squid to somehow inform the origin that the original request
>> was in fact HTTPS (HOW, is the question at hand)
>>
>> I can do SSL and pass it and have squid handle the SSL without issue;
>> the issue is allowing the origin insight as to the originating
>> protocol, if squid accepts the client connection on 443 and sends the
>> request to the origin on port 80....
>>
>> The issue is that I don't want my backend server to have to deal with
>> ssl at all. But I have some applications that require the request be
>> https (secured pages), So if Squid could pass something in the header
>> citing that the original request was made via https, then my code
>> could take that information, and know that sending secured data via
>> non secure method is okay, since Squid will encrypt the data and send
>> to the client before that data leaves my network.
>>
>> I had similar questions with squid sending the original http version
>> information in a header, which it does. Now I'm wondering if squid
>> keeps track of the original requesting protocol, so that my
>> application can look at the header and decide if the original request
>> came in as https (Since the origin at this point believes not, since
>> squid is talking to the origin via http and talking to the client via
>> https.)
>>
>> Sorry that I seem to be making this complicated, it totally makes
>> sense in my head (: )
>
> No worries (on our part at least).
>
> The HTTP-only back-end requirement is a major hurdle for you.
>
> No release of Squid has that capacity in any easy way. You will need to
> add new code to squid one way or another. Or have it added for you.

Bah, never mind me. See Henrik's post earlier.

Amos

-- 
Please use Squid 2.6.STABLE20 or 3.0.STABLE5
Received on Sat May 03 2008 - 05:31:21 MDT
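
The origin-side check for the setup discussed in this thread, as an added example that is not part of the original messages or of Squid: the application treats a request as HTTPS only when the header arrives from a known proxy address, so a client that reaches the origin directly cannot assert it. It assumes the proxy adds `Front-End-Https: On` (the header Squid's `cache_peer` `front-end-https` option sends); the proxy range, class and function names are hypothetical.

```python
import ipaddress

# Constructed sample: addresses of the Squid accelerators (assumption).
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/28")]
# Assumed header; Squid's cache_peer front-end-https option sends "Front-End-Https: On".
SCHEME_HEADER = "HTTP_FRONT_END_HTTPS"  # WSGI spelling of Front-End-Https

def from_trusted_proxy(environ):
    """True only when the TCP peer is one of our proxies."""
    try:
        addr = ipaddress.ip_address(environ.get("REMOTE_ADDR", ""))
    except ValueError:
        return False
    return any(addr in net for net in TRUSTED_PROXIES)

def original_scheme(environ):
    """'https' only if a trusted proxy asserted it; a client-sent header is ignored."""
    flag = environ.get(SCHEME_HEADER, "").strip().lower()
    return "https" if from_trusted_proxy(environ) and flag == "on" else "http"

class FrontEndHttps:
    """WSGI middleware (hypothetical name) exposing the original scheme to the app."""
    def __init__(self, app):
        self.app = app
    def __call__(self, environ, start_response):
        environ["wsgi.url_scheme"] = original_scheme(environ)
        if not from_trusted_proxy(environ):
            environ.pop(SCHEME_HEADER, None)  # never let the app see a spoofed value
        return self.app(environ, start_response)

def secure_page(environ, start_response):
    """Sample application: refuses to serve secured data unless the client leg was HTTPS."""
    if environ["wsgi.url_scheme"] != "https":
        start_response("403 Forbidden", [("Content-Type", "text/plain")])
        return [b"HTTPS required\n"]
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"secured data\n"]

def status_for(remote_addr, header=None):
    """Run one constructed request through the stack and return the status line."""
    environ = {"REMOTE_ADDR": remote_addr, "wsgi.url_scheme": "http"}
    if header is not None:
        environ[SCHEME_HEADER] = header
    seen = []
    FrontEndHttps(secure_page)(environ, lambda status, headers: seen.append(status))
    return seen[0]

if __name__ == "__main__":
    print(status_for("10.0.0.5", "On"), "|", status_for("203.0.113.9", "On"))
```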
