Siju John wrote:
Hi, I am planning to configure Squid in a pass through ssl mode where the SSL negotiations should be handled by the end servers.
Squid, as an accelerator, can't tunnel SSL traffic. You are going to have to terminate the SSL connection at squid, and then have it open a new connection to the back end server (using SSL or not), or use DNAT, or a TCP tunneling program.
We have two servers acting as end servers on two different URLs (qaint12.raddns.net and qaint13.raddns.net:5431). The squid proxy acts as a front end to both the sites. Was trying to configure this on squid 3.0 as per the configuration : http_port 80 accel vhost cache_peer 192.168.16.12 parent 80 3130 no-query originserver name=server_1 acl sites_server_1 dstdomain qaint12.raddns.net cache_peer_access server_1 allow sites_server_1 https_port 443 vhost
This route implies you wish to terminate the SSL connection at Squid and make requests to the back end server, but it needs a few more arguments. See http://www.squid-cache.org/Versions/v2/2.6/cfgman/https_port.html
cache_peer 192.168.16.12 parent 80 3130 no-query originserver name=server_3 acl sites_server_3 dstdomain qaint12.raddns.net cache_peer_access server_3 allow sites_server_3 http_port 5431 accel vhost
This should be a https_port directive, and also needs some more arguments.
cache_peer 192.168.16.13 parent 5431 3130 no-query originserver name=server_2
Assuming port 5431 on the back end server is HTTPS, you need to add "ssl" to that argument list.
acl sites_server_2 dstdomain qaint13.raddns.net cache_peer_access server_2 allow sites_server_2 However, when the browser hits the squid proxy, It shows the error unsupported-request-method in the squid logs. Most of the times, it does not even hit the squid and the client browser shows "page cannot be displayed" Would greatly appreciate any help Thanks Siju
Chris
