Karandeep Malik wrote:
Hi, I wish to configure squid in such a way that The client should be able to authenticate proxy by Basic/Digest/NTLM. It should accept HTTP and HTTPS requests on different ports. I am confused about how to enable both simultaneously. I saw some examples using https_port but I got none working so...My Squid version is 2.6 stable 10
Those examples are for Reverse-Proxies. Which occasionally need to handle termination of HTTPS requests on behalf of accelerated web servers.
From squid doc I got to understand that their are two ways of Client -> Proxy->Server connection 1) Client connects with Proxy at https port. Proxy tunnels the request to sever without modifying the messages, through the connect method. And client server exchange certificates.
This is default standard proxy. Nothing special needs to be done to squid. Client browser must be configured to use proxy for HTTPS traffic.
2) Client connects to Proxy at https port. Proxy and client have exchnage of certifcates. And an ssl connection is established between the two. Now, Proxy modifies the request and establishes the connection between the Proxy and Server by exchange of certificates between the two.
This is the reverse-proxy method.
I would request any working - squid.conf - config lines, if possible.
To mix the two modes, just setup multiple port entries and keep two sets of access controls in squid.conf. Lete get thir straing that you do actually want Squid to act as a standard proxy for internal clients getting out. And as a reverse-proxy for remote clients visiting your local website?
The reverse-proxy access controls are usually allowing global access to the site, so they must go at the top of all access controls.
The standard proxy config is usually much more restrictive to keep control of internal users. So those access control must go at the end after the last reverse-proxy ones.
Amos -- Please use Squid 2.7.STABLE3 or 3.0.STABLE7
