I'm wanting to know whether this is a capability of squid, or if anyone 
knows another FOSS product that can do it.
The scenario:
I have an upstream firewall and proxy that I do not control, and the 
only access to the internet is via the proxy, which uses proxy basic 
authentication (and is probably running squid).
I am running my own copy of squid on the network, passing through proxy 
authentication credentials to the upstream proxy.
Some devices (android phones mostly) on the local network don't have a 
facility to specify a proxy server.  For these devices, I intercept the 
http traffic at my squid box and send it to the upstream proxy with 
squid supplying a generic proxy password to the upstream proxy.
The upstream proxy is represented by two different cache_peer lines in 
the config; the one used is selected by ACLs.
This all works very well for http.  However, I would like to do the same 
for https traffic.  This should be quite do-able, but as far as I can 
tell squid can't do this?
HTTPs traffic could be intercepted by iptables and sent to a port on 
which squid listens.  Squid can find the original intended destination 
IP via a syscall, then supply the generic password to the upstream proxy 
and use a CONNECT to connect through to that address.  Squid would not 
need to be "in the middle" and deal with decryption/encryption, it would 
simply pass through the data as it does when set as an https proxy in 
the normal case.
Can squid be configured to do this?  What other options are there?
Cheers,
Alex
Received on Thu Dec 02 2010 - 04:19:14 MST
This archive was generated by hypermail 2.2.0 : Thu Dec 02 2010 - 12:00:01 MST