Henrik Nordstrom wrote:
ons 2007-06-06 klockan 10:26 -0700 skrev Michael Puckett:
I have a 2 level squid setup. Several top level parent cache servers
which connect to the internet with multiple child servers supporting my
internal subnets. Is it possible to configure the top level servers to
use SSL over the internet and cache the objects locally while allowing
the child servers to operate internally with no SSL requirement?
Yes, but with limitations.
a) If your clients sends https:// URLs to Squid using HTTP (not CONNECT)
then the Squid closest to the origin server will wrap them up in SSL.
The intention would be that the clients should not even know that the
top level was using SSL to the origin servers. The clients would make a
regular http:// access. Of course, if the client does use https://
accesses then the CONNECT tunneling through the cache servers would be
expected.
b) For selected sites you can have Squid act as an accelerator, so that
eve if the client requests http://some.site/ squid will still wrap the
request in SSL. See the cache_peer (and cache_peer_access) directive.
What do you mean by "act as an accelerator"? Just the regular proxy
caching? If so , this sounds like what I am after.
c) It's also possible to do 'b' by using an url rewriter/redirector to
rewrite the request from http:// to https:// on the fly.
What would be the advantage of using a url rewriter?
Best regards,
-mikep
