RE: [squid-users] reverse ssl-proxy?

From: John Hally <[email protected]>
Date: Wed, 19 Nov 2003 16:59:57 -0500

Thanks Henrik.

One thing I'm not clear on is how DNS works in this scenario. Does the
remote client resolver resolve hosts, or does the browser just forward on
the url to the proxy and the proxy does the lookup on behalf of the client?

If this is the case, I would imagine that by setting your browser's proxy
setting to the proxy address, and the proxy using the intranet DNS server,
things would work without having to modify the intranet content. Is this
not the case?

In a nutshell, I've been tasked with creating a reverse proxy (preferably
SSL) that will allow remote clients to set this system as their proxy in
their browser, and see intranet web servers.

I envision this:

setting up a squid proxy with two nics, one internally addressed, the other
publicly addressed.

setting up the proxy to use the internal DNS servers for hostname
resolution.

setting the proxy to only proxy for the internal domain (this way the remote
client would have to disable using the proxy for internet access, and enable
for intranet access. ?!?)

setting up some type of proxy authentication. (NTLM maybe)

Basically I've been tasked to make this work, and need to know if it's
feasible with squid. If so making it work is the next step.

thanks for all the help!

-----Original Message-----
From: Henrik Nordstrom [mailto:hno@marasystems.com]
Sent: Wednesday, November 19, 2003 1:09 AM
To: John Hally
Cc: Squid Users
Subject: RE: [squid-users] reverse ssl-proxy?

On Tue, 18 Nov 2003, John Hally wrote:

> It would be a proxy for multiple servers. I'm thinking something like
5-10
> web service servers. You wouldn't happen to have a sample config file,
> would you? I've looked through the docs and it looks like it gets complex
> pretty quickly. Do you think it would make sense to use Apache instead
with
> mod_ssl and mod_rewrite?

The complexity is pretty much the same when using Apache. The complexity
comes from having to merge the URL namespace of all the web services into
one large virtual server from where the content of all the published
services are found.

mod_ssl == https_port in squid

mod_rewrite == redirector in squid

If the content can be adjusted for being published on the Internet via the
reverse proxy then things are not as complex.

Regards
Henrik
Received on Wed Nov 19 2003 - 14:59:08 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:21:23 MST