Re: [squid-users] Web client not capable of SSL

From: Amos Jeffries <>
Date: Mon, 03 May 2010 01:27:16 +1200

D.Veenker wrote:
> Is it maybe possible to intercept the http:// request over port 80 with
> IPTABLES and redirect it to Squid?
> Then let an ICAP add-on (or the internal rewriter) rewrite the URL to
> https://. Then let Squid do all the SSL with client certificates with
> the actual https-server.
> Last, Squid forwards the server-reply to the client (maybe also by using
> some IPTABLE tricks) to the client in regular un-encrypted http.

Pretty complex.

For the general case you hit the very hard problem of; how do you know
any given server will accept HTTPS for any given request?

If you have a specific server or set of servers you need it for use
cache_peer to setup an SSL link to each and just pass the relevant
requests down it.


Please be using
   Current Stable Squid 2.7.STABLE9 or 3.1.3
Received on Sun May 02 2010 - 13:27:27 MDT

This archive was generated by hypermail 2.2.0 : Sun May 02 2010 - 12:00:03 MDT