Re: [squid-users] proxy over SSL from John Hardin on 2011-09-15 (squid-users)

From: John Hardin <jhardin_at_impsec.org>
Date: Thu, 15 Sep 2011 18:59:35 -0700 (PDT)

On Thu, 15 Sep 2011, Damien Martins wrote:

> I'd like to provide a proxy (using Squid) trought SSL.
> I know how to let people access URL in https://
> But I'd like them to connect to the proxy trought SSL connection.
>
> Thank for any tip, link, information regarding my case

Read up on a program called "stunnel".

You could use it to set up a SSL tunnel for proxy traffic like this:
(I hope my ASCII art doesn't get too mangled...)

   Client_A on Net A
   Web Browser (proxy = http://Server_A:12345/)
    |
   \_/
   Server_A on Net A
   stunnel listening on 12345/tcp
   |||
   ||| SSL tunnel
   |||
  {untrusted networks}
   |||
   |||
   \_/
   Server_B1 on Net B
   stunnel listening on 23456/tcp
    |
   \_/
   Server_B2 on Net B
   Squid listening on 3128

I'm assuming this is what you mean by "connect to proxy through SSL".

stunnel can use certificates to ensure only Server_A can access
the proxy via Server_B1, if that's a concern.

Also: Server_A and Client_A could be the same computer, and Server_B1 and
Server_B2 could also be the same computer.

-- 
  John Hardin KA7OHZ                    http://www.impsec.org/~jhardin/
  jhardin_at_impsec.org    FALaholic #11174     pgpk -a jhardin_at_impsec.org
  key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
   If "healthcare is a Right" means that the government is obligated
   to provide the people with hospitals, physicians, treatments and
   medications at low or no cost, then the right to free speech means
   the government is obligated to provide the people with printing
   presses and public address systems, the right to freedom of
   religion means the government is obligated to build churches for the
   people, and the right to keep and bear arms means the government is
   obligated to provide the people with guns, all at low or no cost.
-----------------------------------------------------------------------
  2 days until the 224th anniversary of the signing of the U.S. Constitution

Received on Fri Sep 16 2011 - 01:59:42 MDT

This archive was generated by hypermail 2.2.0 : Fri Sep 16 2011 - 12:00:03 MDT