Search squid archive

Re: SSL Accel - Reverse Proxy

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Tory M Blue wrote:
On Fri, May 2, 2008 at 5:25 AM, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote:

 You made the situation clear. I mentioned the only reasonably easy
solution.
 If you didn't understand me, Keith M Richad provided you with the exact
squid.conf settings I was talking about before.


Obviously i have not., and I apologize.

I want Squid to handle both HTTP/HTTPS (easy, implemented working for months).

I want SQUID to talk to the backend server via HTTP.. period,  (EASY)

I want SQUID to handle the https encryption/description and talk to
the origin server via http . (EASY)

I want Squid to somehow inform the origin that the original request
was in fact HTTPS (HOW, is the question at hand)

I can do SSL and pass it and have squid handle the SSL without issue.,
the issue is allowing the origin insight as to the originating
protocol, if squid accepts the client connection on 443 and sends the
request to the origin on port 80....

The issue is that I don't want my backend server to have to deal with
ssl at all. But I have some applications that require the request be
https (secured pages),  So if Squid could pass something in the header
citing that the original request was made via https, than my code
could take that information, and know that sending secured data via
non secure method is okay, since Squid will encrypt the data and send
to the client before that data leaves my network.

I had similar questions with squid sending the original http version
information in a header, which it does. Now I'm wondering if squid
keeps track of the original requesting protocol, so that my
application can look at the header and decide if the original request
came in as https (Since the origin at this point believes not, since
squid is talking to the origin via http and talking to the client via
https.)

Sorry that I seem to be making this complicated, it totally makes
sense in my head (: )

No worries (on our part at least).

The HTTP-only back-end requirement is a major hurdle for you.

No release of Squid has that capacity in any easy way. You will need to add new code to squid one way or another. Or have it added for you.

You could try coding up an ICAP adaptor for Squid 3.0+ that just adds headers. Or make a url-rewrite setup adding a piece to the URL the server application receives.



Tory

I'm not sure how to be clearer and would be happy to email directly
with someone , aim, or phone

Amos
--
Please use Squid 2.6.STABLE20 or 3.0.STABLE5

[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux