On Wed, 2 Mar 2011 17:50:20 +0100, Leonardo wrote:
> Hi all,
>
> I have successfully set up a bridge on my Debian 5.0.5 with Squid
> 3.1.7 to tunnel http traffic.
? these two concepts do not overlap.
Do you have a bridge server with intercepting proxy on it?
OR a regular forward proxy doing tunneling?
> Through proxy chaining, my Squid
> connects to another non-Squid proxy.
> Would it be possible to do the same with https, or there are security
> issues related to Squid acting as a MITM?
With HTTP tunneling this is not a problem. Set "nonheirarchichal_direct
off" in squid.conf. The tunnel will be diverted through the peer same as
it goes through the local Squid.
With bridging+intercept this is not possible.
MITM would be a bridge+intercept. So no, not possible with HTTPS.
We are slowly building squid towards an architecture where non-HTTP
traffic is not broken in intercept mode. But this is going to take a lot
more work and time to achieve.
Amos
Received on Wed Mar 02 2011 - 22:02:13 MST
This archive was generated by hypermail 2.2.0 : Thu Mar 03 2011 - 12:00:01 MST