Re: [squid-users] Help needed setting up ssl proxy

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Sun, 24 May 2009 18:44:32 +1200

Magnus Moraberg wrote:
> Hi,
>
> I wish to set up a proxy server where the clients' browser will be
> configured to use this proxy for both http and https.
>
> Some of the clients are behind a firewall which prohibits ports other
> than 80 and 443.
>
> I have managed to create a http proxy server by setting http_port to
> 80 instead of 3128. The rest of my conf file is the same as the
> default except for some acl statements to permit certain network
> groups.
>
> Now I wish for my clients to be also able able to use ssl/https, but
> I'm not sure how squid should be configured to do this.
>
> Would it suffice to simply configure the ssl proxy for each client
> browser to also connect to the squid proxy server on port 80? I see
> that the conf file has a number of safe ports included, including 443.
> Therefore, I'm guessing it should work without me changing anything in
> my conf file.

Yes, Squid is already configured for this via the default CONNECT method
rules. Set the users browsers to same proxy settings for HTTP ans HTTPS.

>
> If this is correct, is the connection secure from between the client
> and the proxy also?

Yes, sort of. The place and port the client is trying to connect to are
known, and sometimes some other basic headers. But the rest is encrypted.

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE6 or 3.0.STABLE15
   Current Beta Squid 3.1.0.8 or 3.0.STABLE16-RC1
Received on Sun May 24 2009 - 06:44:39 MDT

This archive was generated by hypermail 2.2.0 : Sun May 24 2009 - 12:00:01 MDT