Re: [squid-users] https to http translation

Hey
ok let me see if I got this right (excuse the noob!):
Let's say you set up squid to listen to ssl over 8081 and set up proxy
settings of your browser to use 8081 for both http and https. Now if you
type in an address with https in your browser you will send your data to
squid over ssl (probably ssl of the target website) but if you use http,
browser will not understand that the proxy on the other side is looking
for an ssl connection. Did I get this right?
If that is the case, one other option would be setting up a proxy daemon
on the local machine and try to get it connected to the main proxy
server over an encrypted connection. Can THAT be done with squid?
Cheers
Purgat

On Mon, 2010-12-13 at 01:04 +0000, Amos Jeffries wrote:
> On Mon, 13 Dec 2010 00:20:23 +0330, purgat wrote:
> > On Sun, 2010-12-12 at 14:19 -0600, Luis Daniel Lucio Quiroz wrote:
> >> Le dimanche 12 décembre 2010 11:00:43, guest01 a écrit :
> >> > Maybe not exactly what you are looking for, but have you thought of
> >> > using IPSec? You could deploy IPSec and encrypt every connection from
> >> > your clients to the Proxy.
> >> > I don't know what you are trying to achieve, but if your objective is
> >> > to encrypt connections from the Clients to the proxy, IPSec would be
> >> > perfectly transparent and scalable.
> >> >
> >> > On Sunday, December 12, 2010, purgat wrote:
> >> > > Hi
> >> > > I have seen similar discussions in the list in the past but none
> >> > > exactly
> >> > > answers my question.
> >> > > This is the setup I am looking for:
> >> > > a server somewhere out there runs one or more instances of squid.
> >> > > user at home sets up the browser to use the proxy.
> >> > > whenever user puts an address in their browser address bar,
> request,
> >> > > is
> >> > > encrypted with ssl and sent to squid. Instances (if more than one
> is
>
> Squid provides https_port for accepting SSL connections from clients.
>
> THE PROBLEM is that browsers do not use it for browser->proxy
> communications.
>
> >> > > necessary) of squid then request the page through normal http from
> >> > > the
> >> > > Internet and send the response through ssl back to the client.
> >> > > Unfortunately the answers I have seen to this question in past seem
> >> > > to
> >> > > ignore the fact that the user may want to use different websites. I
> >> > > don't want just a couple of addresses to be accelerated by squid
> and
> >> > > sent through ssl. What I am looking for is not a normal reverse
> >> > > proxy,
>
> The common examples are all reverse proxy because that is the only way
> browsers will play nice and send requests to Squid over SSL.
>
> Squid itself does not fuss over whether the socket is receiving forward or
> reverse mode traffic. Only intercepted traffic has any problems on arrival,
> and preventing that is why you use SSL right?
>
>
> >> > > glorified with ssl. Unfortunately there is no example of such a
> >> > > setup in
> >> > > wiki though I know a lot of people would want this set up for
> >> > > securing
>
> Remove the "accel" and related reverse-proxy options from any of the good
> tutorial configs, use a certificate having the proxy public domain
> name/port and you have a forward-proxy HTTPS listening setup.
> "simples"(tm).
>
>
> >> > > data in their unsecure local network. The explanations on the web
> >> > > about
> >> > > how to set this up come short of explaining a lot of things about
> an
> >> > > already complex matter.
> >> > > Is Squid able to help me with this?
> >> > > By the way... ssh tunnelling is not an option for me.
>
> Roll up your sleeves then and dig in.
> Firefox has an open bug requesting this behaviour be supported. They need
> code help and/or incentive by the looks of it.
>
>
> Amos
Received on Mon Dec 13 2010 - 18:36:14 MST