
Re: ssl port 443


 



I am following up on Merton's email. We have Squid working as a reverse 
proxy in our environment and would like to add SSL for secure 
authentication of the users. The regular HTTP traffic is not encrypted. 

I couldn't find much help on configuring Squid with SSL besides the 
reference about https_port directive. Could anyone provide an example of 
using the SSL directives in Squid?

We are using Squid 2.5 stable10 on RedHat El 3.0.

Thanks,

Dimitar 
----------------------------------------



Merton Campbell Crockett <m.c.crockett@xxxxxxxxxxxx> 
04/12/2006 10:18 AM

To: Dwayne Hottinger <dhottinger@xxxxxxxxxxxxxxxxxxxxxx>
cc: "squid-users@xxxxxxxxxxxxxxx" <squid-users@xxxxxxxxxxxxxxx>
Subject: Re: ssl port 443







On 12 Apr 2006, at 06:49 , Dwayne Hottinger wrote:

> Sirs,
>
> I would like to have all internet requests go through my proxy server.  My
> firewall now redirects all port 80 requests to my proxy server, I would like to
> have port 443 requests go there also, because my filtering software resides on
> the proxy server, and to get around the filter, all one has to do is use https:
> and they are no longer subject to the rules.  I read through the faq on https:
> and it doesn't look like this is what I want.  I added a rule to my firewall to
> redirect port 443 traffic to my proxy server and it doesn't seem to work
> (timeouts), plus I have nothing in either cache.log or access.log to indicate
> that https: traffic is connecting.  Do I have to do another build of squid and
> --enable-https: or is this only for reverse proxy for my internal servers?  Or
> can I add an acl to address https traffic and if so, what?  I am running Squid
> Cache: Version 2.5.STABLE6
> configure options:  --enable-storeio=diskd,ufs --enable-smartfilter.  Redhat
> linux  8 kernel 2.4.19.


Dwayne:

This is not going to work.  The only time that anything will be 
visible is during the initial establishment of the SSL connection 
between the client (browser) and the server.  After the SSL 
connection is established, the HTTP request from the client and the 
HTTP response from the server are encrypted.  You won't be able to 
apply your filtering rules.

I am not part of the Squid development team and haven't used the 
HTTPS features.  This feature only makes sense when Squid is being 
used as a front-end to a server where the SSL connection is being 
established between the client and the Squid proxy server with 
communications between the Squid proxy server and the HTTP server 
being performed without encryption.

I'm sure that the Squid development team will correct me if I am wrong.


Merton Campbell Crockett
m.c.crockett@xxxxxxxxxxxx
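
As an added illustration of the point in Merton's reply (not code from either poster or from Squid), the Python example below shows what a filter on an intercepting port can read from a plaintext HTTP request versus one direction of an SSL3/TLS 1.0 stream. The byte strings are constructed samples, the function names are hypothetical, and the parser assumes SSL3/TLS record framing, so an SSLv2-format hello is rejected as unparseable.

```python
import struct

# Record-layer content types; the 5-byte record header is always cleartext.
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"CONNECT ")


def parse_records(stream):
    """Walk one direction of an SSL3/TLS stream, record by record.

    Returns (type, version, length, encrypted) tuples: everything a device
    in the path can learn without the session keys.
    """
    records, offset, encrypted = [], 0, False
    while offset < len(stream):
        if len(stream) - offset < 5:
            raise ValueError("truncated record header")
        ctype, major, minor, length = struct.unpack_from("!BBBH", stream, offset)
        if ctype not in CONTENT_TYPES or major != 3:
            raise ValueError("not an SSL3/TLS record at offset %d" % offset)
        if offset + 5 + length > len(stream):
            raise ValueError("truncated record body")
        records.append((CONTENT_TYPES[ctype], (major, minor), length, encrypted))
        if ctype == 20:          # records after ChangeCipherSpec are ciphertext
            encrypted = True
        offset += 5 + length
    return records


def filter_view(stream):
    """What a URL filter on the intercepting port can act on."""
    if stream.startswith(HTTP_METHODS):
        return {"protocol": "http",
                "request_line": stream.split(b"\r\n", 1)[0].decode("ascii")}
    return {"protocol": "ssl/tls", "request_line": None,
            "records": parse_records(stream)}


def _record(ctype, body):        # helper to build the constructed sample
    return struct.pack("!BBBH", ctype, 3, 1, len(body)) + body


# Constructed sample data, not a real capture: filler bytes stand in for the
# handshake bodies and for the encrypted HTTP request.
PLAIN_HTTP = b"GET http://example.com/page HTTP/1.0\r\nHost: example.com\r\n\r\n"
HTTPS_STREAM = (_record(22, b"\x01" + bytes(40)) + _record(20, b"\x01")
                + _record(22, bytes(range(36))) + _record(23, bytes(range(64, 128))))

if __name__ == "__main__":
    print(filter_view(PLAIN_HTTP))
    print(filter_view(HTTPS_STREAM))
```

For the HTTPS stream the filter gets record types and lengths only; the request line it would match rules against is inside the `application_data` record as ciphertext.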





