Re: [squid-users] squid http -> https translation from Amos Jeffries on 2009-09-20 (squid-users)

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Sun, 20 Sep 2009 23:46:57 +1200

Wiktor Warmus wrote:
> Hi,
> according to the post:
>
> http://www.squid-cache.org/mail-archive/squid-users/200506/0071.html
>
> On 03.06 14:22, Gruskovnjak Oliver wrote:
>>> Is it possible to make squid act as a "translater" ?
>>> The setup should look like that:
>>>
>>> There is a server and a client both can change their state to server
>>> or client.
>
>>> The traffic should look like this:
>>>
>>> Client -- HTTP -- Squid -- HTTPS -- Server
>
>> - squid-2.5 needs ssl patch do do this.
>> squid-3.0 can do this but it's not released yet.
>
>>> Server -- HTTPS --Squid --HTTP -- Client
>
>> pardon, you don't wnt the server to connect to the client, do you?
>> Why do you want to use SSL? And why can't you use SSL directly from
>> client to server?
>
>>> To the server there shoudl be a HTTP to HTTPS translation and from
> the
>>> server to the client a HTTPS to HTTP translation.
>>>
>>> Is it possible to do this with squid ?
>
> I would like to re-ask the same question.
> I am trying to run IE via wine on Linux

Eew.

> and it's unable to connect to
> the sites via https, so I thought about some kind of https-to-http
> translation and found the link above with alike issue.

And the answer is nearly the same. 2.5 needs a patch. All the currently
supported Squid can do this without trouble in several ways.

* Squid in normal operation can let the browser open a tunnel and
shovel HTTPS bits directly between the browser and website.

* Squid can also open https:// URLs if the client browser is happy to
be talking unsecured HTTP and let the secure bit only happen between
Squid and the website. (There are no actual web browsers I know of that
do this, only simplistic web libraries and tools).

* Squid reverse-proxy can translate from public facing HTTPS to a
private HTTP-only server if it is given the authoritative SSL
certificate and keys for the domain being serviced.

You need to configure IE to use the Squid as a proxy.

NP: If you are trying to make IE secure, using HTTPS will not help. The
flaws in IE are in the way it handles HTML. There is no way to do so
short of re-coding IE without all its bugs AND re-coding the OS it runs
on without its bugs as well.

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE7 or 3.0.STABLE19
   Current Beta Squid 3.1.0.13

Received on Sun Sep 20 2009 - 11:47:11 MDT

This archive was generated by hypermail 2.2.0 : Wed Sep 23 2009 - 12:00:03 MDT