i.linty@xxxxxxxxxxxxxx wrote:
Thanks
But how can I do this?
My squid release:
Name : squid-beta Relocations: (not relocatable)
Version : 3.0 Vendor: SUSE LINUX Products GmbH, Nuernberg, Germany
Release : 282 Build Date: Sun 26 Nov 2006 12:11:00 PM CET
Install Date: Fri 16 Nov 2007 10:08:52 AM CET Build Host: Fatou.suse.de
Group : Productivity/Networking/Web/Proxy Source RPM: squid-beta-3.0-282.src.rpm
Size : 4912996 License: GNU General Public License (GPL)
Signature : DSA/SHA1, Sun 26 Nov 2006 12:19:56 PM CET, Key ID a84edae89c800aca
Packager : http://bugs.opensuse.org
URL : http://www.squid-cache.org
Summary : Squid V3.0 WWW Proxy Server (new version)
Description : A recent development snapshot of the squid V3.0 WWW proxy server.
Authors: Duane Wessels <wessels@xxxxxxxxxxx>
Distribution: openSUSE 10.2 (i586)
This is my squid.conf:
https_port 443 cert=/home/ilinty/pingu.cert key=/home/ilinty/pingu.pem capath=/home/ilinty/pingu/ vhost
ALL traffic entering squid at port 443 for any site uses these certs.
To have multiple websites using this port the cert apparently needs to
be a multi-site cert.
cache_peer 10.1.0.180 parent 80 0 no-query originserver login=PASS name=www
cache_peer_domain www 10.1.1.53 sslname=10.1.1.53
cache_peer 10.1.0.199 parent 80 0 no-query originserver front-end-https proxy-only no-digest login=PASS name=itaca
cache_peer_domain itaca pingu.regione.vda.it
acl all src 0.0.0.0/0.0.0.0
If the dev release you are using is recent enough you should be getting
WARNING:'s about this acl. They mean it's now pre-defined from 10th Nov
and does not go in squid.conf :-)
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl portatile src 10.1.70.69/255.255.255.255
acl reteravda src 10.0.0.0/255.0.0.0
#acl certabilitati user_cert O Ravda
http_access allow reteravda
http_access allow portatile
http_access deny all
--------------------
Now I want to add certification authentication to the 2nd site
pingu.regione.vda.it --> 10.1.0.199 (itaca.regione.vda.it)
Can someone help me?
I also don't know if the options "no-query originserver front-end-https proxy-only no-digest" are all correct ...
proxy-only - will prevent all caching of static content. This removes
most of the bandwidth savings of squid as an accelerator.
front-end-https - sounds right, but I'm not too up in that area yet.
no-query, no-digest - good for a non-squid peer. Prevent cache-to-cache
protocols being used. maybe also no-netdb-exchange if netdb is built in.
Adrian Chadd <adrian@xxxxxxxxxxxxxxx> wrote on 11/16/2007 01:07:23 PM:
On Fri, Nov 16, 2007, i.linty@xxxxxxxxxxxxxx wrote:
Hi,
I'm new in this mailing list. Greetings to all!
Can someone tell me if, using squid, it is possible to make a proxy https to
http in order to secure some intranet sites?
Yes, it's entirely possible. :)
Adrian
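
The three points the reply makes about the posted squid.conf (one certificate serving every site on the https_port, the now pre-defined `all` acl, and `proxy-only` on an accelerator peer) can be checked mechanically. This is an added example, not part of the original thread or of Squid itself; the function name and finding codes are hypothetical, and the sample config is constructed from the lines quoted above.

```python
# Added example: lint a squid.conf for the three points made in the reply.
# SAMPLE_CONF is constructed from the config quoted in the thread (wraps rejoined).
SAMPLE_CONF = """\
https_port 443 cert=/home/ilinty/pingu.cert key=/home/ilinty/pingu.pem capath=/home/ilinty/pingu/ vhost
cache_peer 10.1.0.180 parent 80 0 no-query originserver login=PASS name=www
cache_peer_domain www 10.1.1.53 sslname=10.1.1.53
cache_peer 10.1.0.199 parent 80 0 no-query originserver front-end-https proxy-only no-digest login=PASS name=itaca
cache_peer_domain itaca pingu.regione.vda.it
acl all src 0.0.0.0/0.0.0.0
#acl certabilitati user_cert O Ravda
http_access deny all
"""


def lint_squid_conf(text):
    """Return sorted (line_no, code, message) findings."""
    findings, https_ports, sites = [], [], set()
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        tok = line.split()
        if tok[0] == "https_port":
            https_ports.append(no)
        elif tok[0] == "cache_peer_domain":
            # tok[1] is the peer name; key=value tokens are not domains
            sites.update(t for t in tok[2:] if "=" not in t)
        elif tok[0] == "cache_peer" and {"originserver", "proxy-only"} <= set(tok):
            findings.append((no, "PROXY_ONLY",
                             "proxy-only on an accelerator peer prevents caching of static content"))
        elif tok[:2] == ["acl", "all"]:
            findings.append((no, "ACL_ALL",
                             "'all' is pre-defined in recent 3.0 builds; remove it from squid.conf"))
    # Every site reached through an https_port is served with that port's one cert.
    if len(sites) > 1:
        for no in https_ports:
            findings.append((no, "SHARED_CERT",
                             f"{len(sites)} sites share this port's certificate; it must be a multi-site cert"))
    return sorted(findings)


if __name__ == "__main__":
    for no, code, msg in lint_squid_conf(SAMPLE_CONF):
        print(f"line {no}: {code}: {msg}")
```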