On fre, 2008-06-06 at 22:59 +0800, Ken W. wrote: > I want to set squid, which accepts https from clients, then forward the > request to original server with http protocal. > > This is the setting I considered: > > https_port 443 accel vhost cert=/squid/etc/xxx.crt key=/squid/etc/xxx.key > protocol=http Don't use protocol= unless you absolutely need it. > cache_peer 10.0.0.1 parent 80 0 no-query originserver name=origin_1 > acl service_1 dstdomain .xxx.com > cache_peer_access origin_1 allow service_1 Looks fine. > Then I access to squid with this way: > https://www.xxx.com/ > > Can squid accept this https request and forward it to original server with > http correctly? Yes. But you are quite likely to run into issues with the server sending out http:// URLs in it's responses unless the server has support for running behind an SSL frontend. See for example the front-end-https cache_peer option. > btw, what's the usage of "protocol=http"? I can't understand for it > enough. It's the protocol Squid should internally assign to the requested URL. When acting as a web server / accelerator the request does not contain information on the protocol used, just the request-path. It has only marginal practical importance, and is best left at the default automatic setting unless you have very special reasons to change it. Regards Henrik