On Wed, 21 Apr 2010 10:01:27 +0200, "D.Veenker" wrote:
> That sounds promising. And also thanks for the tips concerning the correct
> cache-headers
>
> ** Let's assume the SOAP-client can only use unencrypted http, but the
> webservice does only accept https requests. In which Squid configuration
> setting do I have to set the translation from http to https? Or, how does
> Squid know which URLs or domains it has to transfer to https with client
> certificates?

This is the reason absolute URLs are passed in the request line. They start
with a protocol scheme ftp://, http://, https:// and the proxy uses that to
tell which server protocol to use to fetch the data.

Proxy requests are formatted like so:

GET https://example.com/foo HTTP/1.1
Host: example.com
...

Different to normal web server requests which start with:

GET /foo HTTP/1.1
Host: example.com
...

>
> ** In which configuration setting do I have to mention the location of the
> client certificates?

The sslproxy_* options.
http://www.squid-cache.org/Doc/config/

Amos

>
> -----Original message-----
> From: Amos Jeffries
> Sent: Wednesday 21 April 2010 1:07
>
> On Tue, 20 Apr 2010 23:25:59 +0200, "D.Veenker" <dv@xxxxxxxxxx> wrote:
>> I am running into the following problem and I think Squid might be just
>> the solution I am looking for. But I'm not sure about it.
>>
>> We are developing an application consuming a SOAP-webservice. The
>> platform we are developing on (4D) does not support SSL with client
>> certificates. It does support the regular HTTPS features though.
>>
>> So I was wondering if Squid could help me out, and proxy a regular
>> plain-http (or https) request from this newly made application to the
>> webservice implementing the SSL connection with client certificates.
>>
>> Let's say the url of the webservice is:
>> https://webservice.domain.com/methods
>> From this developed 4D-application I'd like to connect to
>> http://webservice.domain.com/methods and let Squid do all the SSL
>> features using client certificate authorization.
>>
>> Situation:
>> Application not capable of SSL with client certificates -->> plain
>> HTTP-request -->> Squid (+ client certificate provided by webservice
>> company) -->> HTTPS request with client certificate -->> SSL Webservice
>>
>> And of course vice-versa, but I assume you already guessed that. The
>> certificates are formatted as .der documents, but I guess I can overcome
>> the problem when squid does only support a particular format by
>> converting the certificate.
>>
>> ** Is this type of proxying possible using Squid?
>
> Yes.
>
>> ** How do I configure such a situation in Squid?
>
> Simply make sure the HTTP requests sent through Squid contain full
> absolute URLs starting with https://.
>
> There are some other details such as the difference between Proxy-*
> headers and their regular client->server "normal" versions.
>
>
>> ** What elements need to be compiled with Squid to get these features
>> implemented?
>
> Nothing special. The defaults are fine.
>
>>
>> To be honest I'm a total rookie to Squid so I might need some specific
>> help, on the other hand not too lazy to get through some docs when you
>> point me in the right direction. And last but not least, I have a strong
>> wish to run Squid on a debian server.
>
> http://wiki.squid-cache.org/ has almost everything you need for playing
> with Squid.
>
>
> PS: Just a mention. Check your SOAP underlayer. A lot of SOAP systems use
> POST requests which are not cacheable when they should be using GET
> requests which are. Tools that use REST HTTP seem to be better IME when
> going through any proxies.
>
> Amos
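
The two request forms described in the reply above, as an added example that is not part of the original thread and is not Squid's code: it builds the absolute-URL request a client sends to a forward proxy and derives the upstream scheme, host and port from the request line the way a proxy must. The function names are hypothetical; the URL is the one from the question.

```python
from urllib.parse import urlsplit

# Default ports for the schemes named in the reply.
DEFAULT_PORTS = {"ftp": 21, "http": 80, "https": 443}


def build_proxy_request(url, method="GET", body=b""):
    """Serialise a request in absolute-URL form, as sent to a forward proxy."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in DEFAULT_PORTS or not parts.hostname:
        raise ValueError("a proxy request needs a full absolute URL: %r" % url)
    host = parts.hostname + (":%d" % parts.port if parts.port else "")
    lines = ["%s %s HTTP/1.1" % (method, url), "Host: " + host]
    if body:
        lines.append("Content-Length: %d" % len(body))
    return ("\r\n".join(lines) + "\r\n\r\n").encode("ascii") + body


def upstream_for(raw_request):
    """Return (scheme, host, port, path) taken from the request line.

    Returns None for the normal web-server form ("GET /foo HTTP/1.1"),
    which carries no scheme and so cannot select an upstream protocol.
    """
    request_line = raw_request.split(b"\r\n", 1)[0].decode("ascii")
    _method, target, _version = request_line.split(" ")
    if target.startswith("/"):
        return None
    parts = urlsplit(target)
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS or not parts.hostname:
        raise ValueError("unsupported request target: %r" % target)
    path = parts.path or "/"
    if parts.query:
        path += "?" + parts.query
    return scheme, parts.hostname, parts.port or DEFAULT_PORTS[scheme], path


if __name__ == "__main__":
    # Constructed sample: a SOAP POST sent in plain HTTP to the proxy,
    # naming the https:// service so the proxy opens TLS on the far side.
    req = build_proxy_request(
        "https://webservice.domain.com/methods", "POST", b"<soap/>")
    print(req.decode("ascii"))
    print(upstream_for(req))
    print(upstream_for(b"GET /foo HTTP/1.1\r\nHost: example.com\r\n\r\n"))
```
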