Re: [squid-users] SSL Accel - Reverse Proxy

From: Tory M Blue <tmblue@dont-contact.us>
Date: Fri, 2 May 2008 10:41:07 -0700

On Fri, May 2, 2008 at 5:25 AM, Amos Jeffries <squid3@treenet.co.nz> wrote:

>
> You made the situation clear. I mentioned the only reasonably easy
> solution.
> If you didn't understand me, Keith M Richad provided you with the exact
> squid.conf settings I was talking about before.

Obviously i have not., and I apologize.

I want Squid to handle both HTTP/HTTPS (easy, implemented working for months).

I want SQUID to talk to the backend server via HTTP.. period, (EASY)

I want SQUID to handle the https encryption/description and talk to
the origin server via http . (EASY)

I want Squid to somehow inform the origin that the original request
was in fact HTTPS (HOW, is the question at hand)

I can do SSL and pass it and have squid handle the SSL without issue.,
the issue is allowing the origin insight as to the originating
protocol, if squid accepts the client connection on 443 and sends the
request to the origin on port 80....

The issue is that I don't want my backend server to have to deal with
ssl at all. But I have some applications that require the request be
https (secured pages), So if Squid could pass something in the header
citing that the original request was made via https, than my code
could take that information, and know that sending secured data via
non secure method is okay, since Squid will encrypt the data and send
to the client before that data leaves my network.

I had similar questions with squid sending the original http version
information in a header, which it does. Now I'm wondering if squid
keeps track of the original requesting protocol, so that my
application can look at the header and decide if the original request
came in as https (Since the origin at this point believes not, since
squid is talking to the origin via http and talking to the client via
https.)

Sorry that I seem to be making this complicated, it totally makes
sense in my head (: )

Tory

I'm not sure how to be clearer and would be happy to email directly
with someone , aim, or phone
Received on Fri May 02 2008 - 17:41:15 MDT

This archive was generated by hypermail 2.2.0 : Tue May 13 2008 - 12:00:02 MDT