Re: [SQU] SSL and transparent (or host acceleration) mode?

From: C. Regis Wilson <[email protected]>
Date: Thu, 7 Sep 2000 13:13:22 -0700

>> I want to proxy requests for an internal web server via SSL only (our normal,
>> non-SSL pages are hosted externally). So, I want something like this (running
>> solaris on the Squid server, version 2.3STABLE2, by the way):
>
>Squid is not a SSL proxy.
>
Not transparently, you mean. It works in regular proxy mode. But I get the
drift.

>> By the by, it's running safely with the TIS plug-to, so I know the
>> port connections are correct and everything runs smoothly. However,
>> the internal server is running Microblows IIS, the most horibble,
>> despicable, least secure and vile of all software running on this
>> planet (followed closely by the operating system Winclose NT itself).
>> I do NOT want people talking to the Microsucks IIS server directly;
>> even if it's via sanitised TCP.
>>
>> Any ideas or suggestions?
>
>Ok, so you do actually want to HTTP proxy SSL requests to be able to
>filter the requests. This is possible by using a modified Squid running
>as a SSL enabled accelerator
>
>external browser <-via SSL-> SSL enabled Squid cache <-via HTTP-> origin
>server
>
>In this setup the Squid server is the SSL endpoint the browsers connect
>to. The proxy then unencrypts and verifies the requests before being
>forwarded to the origin server, and also caches the traffic.
>
>See http://squid.sourceforge.net/
>
http://netizen.com.au/~benno/ is the link I followed from there. Good site.
And it solves the problem, I bet. Thanks.

--
To unsubscribe, see http://www.squid-cache.org/mailing-lists.html
Received on Thu Sep 07 2000 - 14:16:42 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:55:14 MST