Search squid archive

Re: squid http -> https translation

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Wiktor Warmus wrote:
Hi, according to the post:

http://www.squid-cache.org/mail-archive/squid-users/200506/0071.html

On 03.06 14:22, Gruskovnjak Oliver wrote:
Is it possible to make squid act as a "translater" ?
The setup should look like that:

There is a server and a client both can change their state to server
or client.

The traffic should look like this:

Client -- HTTP -- Squid -- HTTPS -- Server

- squid-2.5 needs ssl patch do do this. squid-3.0 can do this but it's not released yet.

Server -- HTTPS --Squid --HTTP -- Client

pardon, you don't wnt the server to connect to the client, do you? Why do you want to use SSL? And why can't you use SSL directly from client to server?

To the server there shoudl be a HTTP to HTTPS translation and from
the
server to the client a HTTPS to HTTP translation.

Is it possible to do this with squid ?

I would like to re-ask the same question.
I am trying to run IE via wine on Linux

Eew.

and it's unable to connect to
the sites via https, so I thought about some kind of https-to-http
translation and found the link above with alike issue.



And the answer is nearly the same. 2.5 needs a patch. All the currently supported Squid can do this without trouble in several ways.

* Squid in normal operation can let the browser open a tunnel and shovel HTTPS bits directly between the browser and website.

* Squid can also open https:// URLs if the client browser is happy to be talking unsecured HTTP and let the secure bit only happen between Squid and the website. (There are no actual web browsers I know of that do this, only simplistic web libraries and tools).

* Squid reverse-proxy can translate from public facing HTTPS to a private HTTP-only server if it is given the authoritative SSL certificate and keys for the domain being serviced.


You need to configure IE to use the Squid as a proxy.


NP: If you are trying to make IE secure, using HTTPS will not help. The flaws in IE are in the way it handles HTML. There is no way to do so short of re-coding IE without all its bugs AND re-coding the OS it runs on without its bugs as well.

Amos
--
Please be using
  Current Stable Squid 2.7.STABLE7 or 3.0.STABLE19
  Current Beta Squid 3.1.0.13

[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux