RE: [squid-users] reverse proxy and squid 2.5/2.6

From: Paolo Biancolli <[email protected]>
Date: Wed, 18 Oct 2006 12:55:22 +0200

Hi,

How will this affect say outlook web access (or any other
authentication)? Does it mean that users will not be able to
authenticate to the backend server properly?

Thanks
Paolo

-----Original Message-----
From: Henrik Nordstrom [mailto:henrik@henriknordstrom.net]
Sent: 17 October 2006 11:45 PM
To: Paolo Biancolli
Cc: squid-users@squid-cache.org
Subject: Re: [squid-users] reverse proxy and squid 2.5/2.6

tis 2006-10-17 klockan 15:56 +0200 skrev Paolo Biancolli:

> Is it possible to set up a reverse proxy with squid 2.5 or 2.6 to
> receive https requests on port 443 and have squid make the new request

> to the actual web server also using an ssl connection.

Yes, with 2.6. Very easy. But keep in mind that it terminates the SSL
and then opens a new SSL connection so the certificate seen by the
client is the certificate installed in Squid, and you can't use client
certificates authenticating to the backend web server.

2.5 requires some patching to make SSL backend servers work, and even
then it's a bit messy..

Regards
Henrik

<html><body><font face = "verdana" size = "0.8" color = "navy">This communication is intended for the addressee only. It is confidential. If you have received this communication in error, please notify us immediately and destroy the original message. You may not copy or disseminate this communication without the permission of the University. Only authorized signatories are competent to enter into agreements on behalf of the University and recipients are thus advised that the content of this message may not be legally binding on the University and may contain the personal views and opinions of the author, which are not necessarily the views and opinions of The University of the Witwatersrand, Johannesburg. All agreements between the University and outsiders are subject to South African Law unless the University agrees in writing to the contrary.</font></body></html>
Received on Wed Oct 18 2006 - 04:55:51 MDT

This archive was generated by hypermail pre-2.1.9 : Wed Nov 01 2006 - 12:00:04 MST