Re: [squid-users] Squid SSL Bump transparently CONNECT for another proxy

From: Antony Stone <>
Date: Sat, 7 Jun 2014 14:24:08 +0100

On Saturday 07 June 2014 at 14:16, Jatin Bhasin wrote:

> Hello,
> We have a test set up as below:
> Client <----> SQUID(PROXY1) <----> PROXY2 <-----> SERVER
> In the above set up Client browser is configured to point to PROXY2.
> So client sends the CONNECT request to PROXY2.
> PROXY1 which is running SQUID is transparently detecting this CONNECTION.

1. Why are you using transparent intercept when the client is configured to
connect to Proxy2? Why not just let the client connect, and have Proxy1
ignore it?

2. What port number/s are you intercepting? You would normally use
transparent intercept on ports 80/443, for example, whereas a client-proxy
connection would be on 3128. Why intercept the proxy port, instead of just
the HTTP port?

> The goal is that PROXY1 should bump the SSL connection between client
> and the PROXY2.

What's the purpose of this? Why not just connect from the client to proxy2?

> Hence, I believe that PROXY1 should send the CONNECT request to PROXY2
> and then all the data transfers occurs between PROXY1 and PROXY2.
> PROXY1 should then bump the traffic and send it to client.
> Is this possible? Please suggest the SQUID(PROXY1) configuration
> settings to achieve this.



"Black holes are where God divided by zero."
 - Steven Wright
                                                     Please reply to the list;
                                                           please don't CC me.
Received on Sat Jun 07 2014 - 13:24:18 MDT

This archive was generated by hypermail 2.2.0 : Sat Jun 07 2014 - 12:00:04 MDT