Is it maybe possible to intercept the http:// request over port 80 with
IPTABLES and redirect it to Squid?
Then let an ICAP add-on (or the internal rewriter) rewrite the URL to
https://. Then let Squid do all the SSL with client certificates with
the actual https-server.
Last, Squid forwards the server-reply (maybe also by using some
IPTABLE tricks) to the client in regular un-encrypted http.
Is this possible? And if yes, then how? I can only imagine some config
needs to be done to get this up-and-running if possible.
It would be the perfect transparent ssl-proxy for clients that are not
capable of SSL (and SSL client certificates)
Greetz, Dj.
Amos Jeffries wrote:
> D.Veenker wrote:
>> My web client is not capable of SSL and definitely no client
>> certificates.
>> - Can Squid do all the SSL-work in a transparent way, including the
>> client certificates?
> Yes. BUT ...
>> - What does the config look like?
> ... it's the client software which must pass URLs starting with
> https:// to Squid to process.
> squid.conf looks like normal.
>> - Do I need to recompile Squid with --enable-ssl?
> I don't think so.
> Amos