Re: [squid-users] Web client not capable of SSL

From: D.Veenker <>
Date: Sun, 02 May 2010 14:55:24 +0200

Is it maybe possible to intercept the http:// request over port 80 with
IPTABLES and redirect it to Squid?

Then let an ICAP add-on (or the internal rewriter) rewrite the URL to
https://. Then let Squid do all the SSL with client certificates with
the actual https-server.
Last, Squid forwards the server-reply to the client (maybe also by using
some IPTABLE tricks) to the client in regular un-encrypted http.

Is this possible? An if yes, then how? I can only imagine some config
need to be done to get this up-and-running if possible.
It would be the perfect transparent ssl-proxy for clients that are not
capable of SSL (and SSL client certificates)

Greetz, Dj.

Amos Jeffries wrote:
> D.Veenker wrote:
>> My web client is not capable of SSL and definitely no client
>> certificates.
>> - Can Squid do all the SSL-work in a transparent way, including the
>> client cerificates?
> Yes. BUT ...
>> - How does the config look like?
> ... it's the client software which must pass URLs starting with
> https:// to Squid to process.
> squid.conf looks like normal.
>> - Do a need to recompile Squid with --enalble-ssl?
> I don't think so.
> Amos
Received on Sun May 02 2010 - 12:55:30 MDT

This archive was generated by hypermail 2.2.0 : Sun May 02 2010 - 12:00:03 MDT