On Wed, 21 Apr 2010 10:01:27 +0200, "D.Veenker" wrote:
> That sounds promising. And also thanks for the tips concerning the
correct
> cache-headers
>
> ** Let's assume the SOAP-client can only use unencrypted http, but the
> webservice does only accept https requests. In which Squid configuration
> setting do I have to set the translation from http to https? Or, how
does
> Squid know which URL's or domains it has to transfer to https with
client
> certificates?
This is the reason absolute URLs are passed in the request line. They
start with a protocol scheme ftp://, http://, https:// and the proxy uses
that to tell which server protocol to use to fetch the data.
Proxy requests are formatted like so:
GET https://example.com/foo HTTP/1.1
Host: example.com
...
Different to Normal web server requests which start with:
GET /foo HTTP/1.1
Host: example.com
...
>
> ** In which configuration setting do I have to mention the location of
the
> client certificates?
The sslproxy_* options.
http://www.squid-cache.org/Doc/config/
Amos
>
> -----Oorspronkelijk bericht-----
> Van: Amos Jeffries
> Verzonden: woensdag 21 april 2010 1:07
>
> On Tue, 20 Apr 2010 23:25:59 +0200, "D.Veenker" <dv_at_veenker.tk> wrote:
>> I am running into the following problem and I think Squid might be just
>> the solution I am looking for. But I'm not sure about it.
>>
>> We are developing an application consuming a SOAP-webservice. The
>> platform we are developing on (4D) does not support SSL with client
>> certificates. It does support the regular HTTPS features though.
>>
>> So I was wondering if Squid could help me out, and proxy a regular
>> plain-http (or https) request from this newly made application to the
>> webservice implementing the SSL connection with client certificates.
>>
>> Let's say the url of the webservice is:
>> https://webservice.domain.com/methods
>> From this developed 4D-application I'd like to connect to
>> http://webservice.domain.com/methods and let Squid do all the SSL
>> features using client certificate authorization.
>>
>> Situation:
>> Application not capable of SSL with client certificates -->> plain
>> HTTP-request -->> Squid (+ client certificate provided by webservice
>> company) -->> HTTPS request with client certificate -->> SSL Webservice
>>
>> And of course vice-versa, but I assume you already guessed that. The
>> certificates are formatted as .der documents, but I guess I can
overcome
>
>> the problem when squid does only support a particular format by
>> converting the certificate.
>>
>> ** Is this type of proxying possible using Squid?
>
> Yes.
>
>> ** How do I configure such a situation in Squid?
>
> Simply make sure the HTTP requests sent through Squid contain full
> absolute URLs starting with https://.
>
> There are some other details such as the difference between Proxy-*
> headers and their regular client->server "normal" versions.
>
>
>> ** What elements need to be compiled with Squid to get these features
>> implemented?
>
> Nothing special. The defaults are fine.
>
>>
>> To be honest I'm an total rookie to Squid so I might need some specific
>> help, on the other hand not to lazy to get through some docs when you
me
>
>> point me in the right direction. And last but not least, I have a
strong
>
>> wish to run Squid on a debian server.
>
> http://wiki.squid-cache.org/ has almost everything you need for playing
> with Squid.
>
>
> PS: Just a mention. Check your SOAP underlayer. A lot of SOAP systems
uses
> POST requests which are not cacheable when they should be using GET
> requests which are. Tools that use REST HTTP seems to be better IME when
> going through any proxies.
>
> Amos
Received on Wed Apr 21 2010 - 23:16:11 MDT
This archive was generated by hypermail 2.2.0 : Thu Apr 29 2010 - 12:00:14 MDT