Karandeep Malik wrote:
> Hi,
>
> I intend to install squid 3.0 in my env, such that it accepts both http and
> https requests on separate ports. The intent is that for http requests it
> would use the port 80, and for https (http with ssl) I would go for port
> 443.
>
> The https requests would ideally be tunnelled from the squid Server
>
> Http
>
> Client -------->Squid-----> Main Server
>
> Https
> Tunneling SSL handshake
> Client -------------> Squid -------------------------> Main Server
>
> I am unsure about the right config lines for http_port and https_port for this
> purpose. The confusion also comes from the fact that https_port is used for
> reverse proxy accelerator mode (will it also work for Forward proxy
> Tunneling ??)
>
> Please help
>
> Regards,
> Karandeep Malik
It would; however, there is one problem:
web browsers do not naturally set up proper SSL handshakes for HTTPS
requests to 443 through proxies. They set up a CONNECT tunnel to the
proxy and HTTPS inside that.

The last person who tried this was using stunnel and found that the
requests were mangled beyond use on arrival at Squid. There is something
about HTTPS requests that non-HTTP tunnelers can't seem to do. (I'm not
sure what.)

If you are worried about security of information transferred when the
browser sets up a CONNECT, you can relax. All that is transferred is the
HTTPS domain name and port. None of the real request info goes through
unencrypted.

Amos
--
Please be using
  Current Stable Squid 2.7.STABLE6 or 3.0.STABLE13
  Current Beta Squid 3.1.0.5

Received on Fri Feb 20 2009 - 04:33:10 MST
This archive was generated by hypermail 2.2.0 : Fri Feb 20 2009 - 12:00:01 MST
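
The CONNECT exchange discussed in the reply above, as an added example that is not part of the original thread or of Squid's code: it splits a client-to-proxy byte stream into the cleartext CONNECT request (target host and port, plus any headers the client attaches) and the tunneled bytes that follow, which the proxy can only relay. The sample stream, host name and function names are constructed for illustration.

```python
# Added example: what a forward proxy can read from a CONNECT tunnel.
# SAMPLE_STREAM is constructed for illustration, not captured traffic.

SAMPLE_STREAM = (
    b"CONNECT www.example.com:443 HTTP/1.1\r\n"
    b"Host: www.example.com:443\r\n"
    b"Proxy-Connection: keep-alive\r\n"
    b"\r\n"
    # Bytes the client sends once the proxy has answered
    # "200 Connection established": a TLS record header (type 0x16 =
    # handshake, version 3.1, length 5) and opaque placeholder payload.
    b"\x16\x03\x01\x00\x05" b"\x01\x00\x00\x01\x00"
)


def parse_connect(stream: bytes):
    """Split a client-to-proxy stream into the cleartext CONNECT request
    and the tunneled bytes that follow it."""
    head, sep, tunneled = stream.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete request: no end of headers")
    lines = head.decode("iso-8859-1").split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or parts[0] != "CONNECT":
        raise ValueError("not a CONNECT request")
    # rpartition keeps bracketed IPv6 targets such as [::1]:443 intact.
    host, colon, port = parts[1].rpartition(":")
    if not colon or not host or not port.isdigit():
        raise ValueError("CONNECT target must be host:port")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return {"host": host, "port": int(port), "headers": headers}, tunneled


def looks_like_tls(data: bytes) -> bool:
    """True if data starts with a TLS handshake record header."""
    return len(data) >= 5 and data[0] == 0x16 and data[1] == 0x03


if __name__ == "__main__":
    request, tunneled = parse_connect(SAMPLE_STREAM)
    print("proxy can read:", request["host"], request["port"], request["headers"])
    print("remaining bytes are a TLS record:", looks_like_tls(tunneled))
```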