On Monday 11 August 2014 at 09:33:31 (EU time), Sapan Shah wrote:
> Dear All,
>
> I would like to configure squid as secured Proxy Server for securing
> communication between web browser and SQUID so SQUID will use SSL or
> secured connection to web browser for handling HTTPS and HTTP requests.
Security between the client and the proxy, without security between the proxy
and the web server? Why?
> Example:
> 1. When user is trying to access web site like: www.abc.com,
> 2. The browser will create SSL/secured connection like HTTPS with SQUID,
> 3. The SQUID will manipulate the request,
> 4. The SQUID will connect to web site http://www.abc.com as normal HTTP
> request/connection.
> 5. The SQUID will send response returned from site www.abc.com to the
> web browser securely through SSL.
Where does Squid sit in the network configuration in the above setup?
I'm assuming you don't run the remote website www.abc.com (otherwise you'd
just put SSL straight on that).
If you have a short, basically private, network connection between the Squid
proxy and www.abc.com, then I'd suggest a better way of doing this is to
configure Apache in reverse proxy mode, or use stunnel - both of those can
accept an inbound SSL connection and convert it to an unencrypted HTTP
connection on the private backend link.
If Squid is near to the users, and www.abc.com is somewhere "over the
Internet", then who are you trying to kid? Giving people an HTTPS connection
which then goes unencrypted over the Internet is very bad security practice,
because you're making them think they have end-to-end encryption when in fact
they don't. You simply should not do this.
If you need more guidance on setting up a reverse proxy (either using Apache,
or Squid), or using stunnel, you should be able to find several tutorials from
an appropriate Google search.
Regards,
Antony.
-- I love deadlines. I love the whooshing noise they make as they go by. - Douglas Noel Adams Please reply to the list; please *don't* CC me.Received on Mon Aug 11 2014 - 08:08:17 MDT
This archive was generated by hypermail 2.2.0 : Mon Aug 11 2014 - 12:00:06 MDT