Re: [squid-users] https acceleration of multiple http servers?

From: nils toedtmann <[email protected]>
Date: Thu, 21 Nov 2002 01:41:04 +0100

Hi. Thank You for that damned fast answer - wow!

On Thu, Nov 21, 2002 at 10:22:12AM +1100, Robert Collins wrote:
> On Thu, 2002-11-21 at 10:56, nils toedtmann wrote:
[...]
> > squid
>
> (or any SSL web server)

(of course. i didn't want to make squid responsible for this
 SSL/TLS property ;-)

> > has to use _different_ certs on _different_ ip addresses!
> > The "httpd_accel_uses_host_header" does not really help because
> > squid has to hand out the cert to the client depending in the
> > dest ip of the request, and before squid has even seen the "host:"
> > header!
> >
> > So i need multiple "https_port/httpd_accel_host/httpd_accel_port"
> > triples. Can i do this in _one_ squid.conf?
>
> Yes. You associate the cert with the port. That should do it for anyone
> using a web browser. If someone plays games with your server, then the
> worst thing that would happen is they get the content from the wrong
> port - but that will not happen to your users.

That's fine, i'll check that out.
 

Regards, /nils.

ps: I still would prefer to bind a "http[s]_port" to a
    "httpd_accel_[host|port]" to get rid of
    "httpd_accel_uses_host_header" and to gain more control over
    the possible connections (ie a firewall in front of squid could
    be involved in ip-based access control). Maybe as a future
    feature?

-- 
nils toedtmann
technische abteilung
marcant internet-services gmbh <http://www.marcant.net>
Received on Thu Nov 21 2002 - 09:49:09 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:11:28 MST