[SQU] SSL and transparent (or host acceleration) mode?

From: C. Regis Wilson <[email protected]>
Date: Thu, 7 Sep 2000 07:52:23 -0700

I've read the FAQs and searched on the mailling list but haven't found quite
the same situation as I've got (I've tried a couple of things but none seem
to work):

I want to proxy requests for an internal web server via SSL only (our normal,
non-SSL pages are hosted externally). So, I want something like this (running
solaris on the Squid server, version 2.3STABLE2, by the way):

  external browser <-via SSL-> squid proxy <-via SSL-> internal server

So I read all about transparent proxying and figured I didn't need it. I just
point the DNS records to my squid proxy and do the following:

http_port 443
httpd_accel_host <internalhost>
httpd_accel_port 443

Should work, right? I discovered after some sniffing that the squid is not
proxying; I believe it is in some sort of operation where the browser expects
a key exchange and then offers an encrypted "GET" or what not. Squid sees
gibberish and closes the connection.

By the by, it's running safely with the TIS plug-to, so I know the port
connections are correct and everything runs smoothly. However, the internal
server is running Microblows IIS, the most horibble, despicable, least secure
and vile of all software running on this planet (followed closely by the
operating system Winclose NT itself). I do NOT want people talking to the
Microsucks IIS server directly; even if it's via sanitised TCP.

Any ideas or suggestions?

--
To unsubscribe, see http://www.squid-cache.org/mailing-lists.html
Received on Thu Sep 07 2000 - 08:55:40 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:55:13 MST