Karandeep Malik wrote:
Hi,
I intend to install squid 3.0 is my env, suich that it accepts both http and
https request on seperate ports. The intent is that for http requests it
would use the port 80, and for https (http with ssl ) I would go for port
443.
The https requests would ideally be tunnelled from the squid Server
Http
Client -------->Squid-----> Main Server
Https
Tunneling SSL handshake
Client -------------> Squid -------------------------> Main Server
I am unsure about the right config lines for http_port and https_port for this
purpose. The confusion also comes from the fact that https_port is used for
reverse proxy accelerator mode (will it also work for Forward proxy
Tunneling ??)
Please help
Regards,
Karandeep Malik
It would, however there is one problem:
web browsers do not naturally setup proper SSL handshakes for HTTPS
requests to 443 through proxies. They setup a CONNECT tunnel to the
proxy and HTTPS inside that.
The last person who tried this was using stunnel and found that the
requests were mangled beyond use on arrival at Squid. There is something
about HTTPS requests that non-HTP tunnelers can't seem to do. (I'm not
sure what)
If you are worried about security of information transferred when the
browser sets up a CONNECT, you can relax. All that is transferred is the
HTTPS domain name and port. None of the real request info goes through
unencrypted.
Amos
--
Please be using
Current Stable Squid 2.7.STABLE6 or 3.0.STABLE13
Current Beta Squid 3.1.0.5
