
Re: squid-2.6.STABLE19 https proxying

Tue 2008-04-01 at 15:15 +0900, ssoo@xxxxxxxxxxxxxxx wrote:
> Squid-2.6.STABLE19 has sslproxy* directives.
> Can it support forward proxying http?

Not really no. This feature allows Squid to gateway requests to http.
I.e. if Squid receives a request for https:// over HTTP, or if you use
a URL rewriter to rewrite requests from http to https while it's
forwarded by Squid.

But there is a hidden define which enables a proof of concept for https
decryption of proxied requests making Squid send them to your first
https_port. And https_port also supports transparent interception just
like http_port. But it's no more than a proof of concept and there are
many shortcomings making it not suitable for production use:

 - Always the same certificate presented no matter what site the user
requested, which means a lot of security warnings in the client on each
new site requested.
 - No control over server certificate validation. It's either accept
anything, or reject almost anything..

> Below is part of squid FAQ:
> "Unsupported Request Method and Protocol" for ''https'' URLs.
> 
> The information here is current for version 2.3

This section isn't valid any more.. but is about a browser bug where
some browsers forgot to enable SSL when using a proxy and switching from
http to https on the same requested site... (iirc there were also similar
issues with some browsers forgetting to enable SSL when using proxy
authentication). It's even a duplicate of another FAQ section where this
is explained better.. removed.

Regards
Henrik

