Re: [squid-users] Can squid acted as a application SSL proxy

李春 wrote:
> Thanks for your reply.
>
>> Date: Fri, 28 Nov 2008 16:19:36 +1300
>> From: squid3_at_treenet.co.nz
>> To: chunli5ren_at_hotmail.com
>> CC: uhlar_at_fantomas.sk; squid-users_at_squid-cache.org
>> Subject: Re: [squid-users] Can squid acted as a application SSL proxy
>>
>> 李春 wrote:
>>> Thanks for you help.
>>> But I am sorry you may mistook my meaning entirely.
>>> I do not need the http proxy and cache functionality of squid.
>>> I just wander that if the squid can receive the client SSL connetion( or packages)
>>> , decode it and tranfer the data with no SSL to the server as a transparent layer.
>>> squid using SSL may be like this:
>>> --------
>>> http data
>>> --------
>>> SSL
>>> --------
>>> TCP/IP
>>> --------
>>> But I wonder if the squid can act like this
>>> --------
>>> my application data
>>> --------
>>> SSL
>>> --------
>>> TCP/IP
>>> --------
>>> Thanks very much.
>>> yours,
>>> Pickup.Li
>>>
>> You seem to misunderstand the network layering concept.
>>
>> You want something that connects to clients using HTTPS (HTTP/SSL) and
>> connects them to your application using plain HTTP?
>>
>> The name for such configuration is "reverse proxy".
>> http://wiki.squid-cache.org/SquidFaq/ReverseProxy
>>
>> Only the front listening port is configured with https_port instead of
>> http_port.
>>
> Yes. I want to build ReverseProxy of squid.
> And I have manage to build it with "https_port" in my environment.
> But my client is not web explorer but a application.

No problem as long as your application speaks proper HTTP. If it speaks
another protocol it should not being going through Squid.

>
>
>> caching is optional.
>>
>> The action of wrapping/unwrapping SSL requires proxy of some type,
>> sometimes called tunnel agents.
>>
> Yes. You get it. I just want the "wrapping/unwrapping SSL requires proxy"
> and wander if squid can be configuratured as it.
> if any other exist open source project major in it, Please let me know.
> I am very appreciated for your help.

"stunnel" may also apply. It's a generic tunnel creator though so I
don't know if its applies as a general receiving agent.

Amos

>>>> Date: Thu, 27 Nov 2008 15:54:08 +0100
>>>> From: uhlar_at_fantomas.sk
>>>> To: squid-users_at_squid-cache.org
>>>> Subject: Re: [squid-users] Can squid acted as a application SSL proxy
>>>>
>>>> On 27.11.08 09:45, 李春 wrote:
>>>>
>>>> Please configure your mailer to wrap lines below 80 characters per line.
>>>>
>>>>> I have a client/server application program and want to add SSL module to
>>>>> it to secure the data transferring on the network. I wander that if I can
>>>>> use the squid as a SSL proxy between client and server. The squid will
>>>>> configurated as a reserve proxy and located in the application server's
>>>>> environment. The client and squid contact with SSL connection. Just like
>>>>> this:
>>>>> <-(no SSL)-- <-(SSL)--
>>>>> Server Squid client
>>>>> --(no SSL)-> --(SSL)->
>>>>>
>>>>> I know squid can act as web proxy like this using "https_port". But I am curious that if I can make use of squid like this.
>>>> Yes, that's what https_port is for. Just properly configure squid as reverse
>>>> proxy.
>>>>
>>>> --
>>>> Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
>>>> Warning: I wish NOT to receive e-mail advertising to this address.
>>>> Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
>>>> I wonder how much deeper the ocean would be without sponges.
>>> _________________________________________________________________
>>> 新版手机MSN，新功能，新体验！满足您的多彩需求！
>>> http://mobile.msn.com.cn
>>
>> --
>> Please be using
>> Current Stable Squid 2.7.STABLE5 or 3.0.STABLE10
>> Current Beta Squid 3.1.0.2
> _________________________________________________________________
> MSN热搜榜，每天最In的信息资讯和热点排行让您一览无余！
> http://top.msn.com.cn

-- 
Please be using
  Current Stable Squid 2.7.STABLE5 or 3.0.STABLE10
  Current Beta Squid 3.1.0.2