
Re: Squid proxy server - Client certificate (reverse proxy)


 



On 01/02/11 09:01, Qvalpro Solutions wrote:
Hi Amos,

Thanks for the detailed response. I tried configuring Squid, but
couldn't get it working yet.

Can you please elaborate "You setup Squid as a reverse-proxy and make
old billing application believe Squid is the Payway system. Usually
via DNS". Sorry if this sounds dumb.

Steps followed by myself:
1. Downloaded Squid 2.7 STABLE8 (reverse proxy with SSL support) and
installed it in my windows server which has the billing application
2. Started the Squid service and stored the Payway's digital
certificate inside the "payway" directory in C: of the windows server
3. Added the following options to the squid.conf file:
https_port accel defaultsite=https://ccapi.client......./ccapi
cert=C:\payway\ccapi.pem

defaultsite is the domain name only. ie defaultsite=ccapi.example.com

cache_peer ssl sslcert=C:\payway\ccapi.pem



I presume this works like all the other web API billing systems I've seen, with the client connecting to you like so?
  client -> billing -> squid -> payway

In which case you would use:
https_port 443 accel defaultsite=ccapi.example.com sslcert=<something-self-signed>
  cache_peer ccapi.example.com parent 443 0 no-query ssl sslcert=...

to produce:
client -> billing --(SSL internal unverified)--> squid --(SSL certificate verified)--> payway


The sslcert= for the https_port line can be something self-signed that the billing system trusts but nobody anywhere else knows about. By default squid will accept any client who can perform SSL.


If the billing system can be configured to use a proxy for internet access that is even better, you can remove the http_port line tricks and just use "http_port 3128" and "never_direct allow all".

OR, you could make the billing->squid section work without SSL at all. Just make sure the billing system works with http:// URLs and setup http_port 80 accel defaultsite=.


4. Tried to initiate a test transaction from the billing application,
but it didn't work.

Assumptions made:
1. I have stored the Payway related details (aforementioned https URL,
username, password & Merchant ID for the API) in the billing system
installed in the windows server. I hope that when the billing
application tries to process a credit card payment, the proxy will
automatically take over the transaction.
2. I have not added the username/password of the API to the Squid
configuration. Please let me know if I need to add the details in
Squid proxy too and if yes, kindly provide me the syntax to be used.


Most types of auth you will only need "login=PASS" (exact text) on the cache_peer line and the credentials at the billing system end point.

Please let me know if I am going in the right direction.

Thanks,
KB.

On Fri, Jan 28, 2011 at 11:08 AM, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote:
On 28/01/11 07:48, Qvalpro Solutions wrote:

Hi Folks,

I just started exploring Squid proxy and I am clueless of how to use
Squid in my setup.

Some background on why I am trying to use the Squid proxy:
I have a billing application installed in a windows server. This
particular billing application uses some proprietary file system,
which cannot be customized. I have purchased a Payway API account
(Payway API is nothing but a payment processing system for credit
cards) for using with the billing application. I just noticed that the
Payway API needs a digital certificate to be installed for processing
the payments. Unfortunately, my billing application doesn't allow any
certificate installation. When I spoke to the billing application
development company and Payway, they suggested me to use the Squid
proxy to workaround the problem. I was also told that the Squid proxy
can provide the client certificate.

As I don't have adequate exposure to setting up proxy servers, I have
the following questions:
1. Can I install the Squid proxy in the same server where my billing
application is located?

Yes.

Additional problem though: Windows Squid builds only have experimental SSL
support and are limited to squid-2.7 for now.

If you need to do this for Windows please contact Guido at Acme Consulting
(http://squid.acmeconsulting.it/) for support.


2. How do I connect the billing application to the Squid Proxy? Do I
need to use some port for this and how am I supposed to connect the
Squid Proxy to the Payway API?

You setup Squid as a reverse-proxy and make old billing application believe
Squid is the Payway system. Usually via DNS. Squid handles the rest once
requests are arriving nicely to it.

Start with this:
http://wiki.squid-cache.org/ConfigExamples/Reverse/BasicAccelerator
it covers the very simple config just to get an accelerator working. Stuff
like SSL requires additional config.

3. How do I install the digital certificate provided by Payway in the
Squid proxy and what format of digital certificate is to be used -
.net or PHP or ASP or something else?

Squid uses .PEM format certificates.

After doing the setup from your question 2.  You configure Squid to use them
with additional options on the cache_peer line.
Set the "ssl" flag to enable SSL on the link then any of the other ssl*=
options as needed by the Payway system.

http://www.squid-cache.org/Doc/config/cache_peer/

(snipped Q4-6 since they are answered above as well).

Amos
--
Please be using
  Current Stable Squid 2.7.STABLE9 or 3.1.10
  Beta testers wanted for 3.2.0.4



--
Please be using
  Current Stable Squid 2.7.STABLE9 or 3.1.10
  Beta testers wanted for 3.2.0.4
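
The configuration mistakes corrected in this thread (no listening port, a URL in defaultsite=, a cache_peer line without host name, type and ports) can be checked before restarting Squid. The following is an added example, not part of the original messages or of Squid itself; the `lint` function, the finding names and the sample configurations (host names and paths) are constructed for illustration.

```python
import re

PEER_TYPES = {"parent", "sibling", "multicast"}

def lint(conf):
    """Return (line_number, finding) pairs for a squid.conf fragment."""
    findings = []
    for n, raw in enumerate(conf.splitlines(), 1):
        tokens = raw.split("#", 1)[0].split()
        if not tokens:
            continue
        directive, args = tokens[0], tokens[1:]
        opts = dict(a.split("=", 1) for a in args if "=" in a)
        if directive in ("http_port", "https_port"):
            # The first argument is the listening port, optionally ip:port.
            if not args or not args[0].rsplit(":", 1)[-1].isdigit():
                findings.append((n, "port-missing"))
            # defaultsite= takes a host name only, not a URL or path.
            if "/" in opts.get("defaultsite", ""):
                findings.append((n, "defaultsite-not-hostname"))
        elif directive == "cache_peer":
            # Syntax: cache_peer hostname type http-port icp-port [options]
            head = args[:4]
            if not (len(head) == 4 and head[1] in PEER_TYPES
                    and head[2].isdigit() and head[3].isdigit()):
                findings.append((n, "peer-syntax"))
            # Flag ssl*= options given without the "ssl" flag that the
            # thread says enables SSL on the link to the peer.
            if any(k.startswith("ssl") for k in opts) and "ssl" not in args:
                findings.append((n, "ssl-flag-missing"))
            # DONT_VERIFY_PEER drops verification of the upstream certificate.
            if "DONT_VERIFY_PEER" in re.split(r"[:,]", opts.get("sslflags", "")):
                findings.append((n, "peer-not-verified"))
    return findings

# Constructed samples; host names and paths are placeholders.
FIRST_ATTEMPT = r"""
https_port accel defaultsite=https://ccapi.example.com/ccapi cert=C:\payway\ccapi.pem
cache_peer ssl sslcert=C:\payway\ccapi.pem
"""
CORRECTED = r"""
https_port 443 accel defaultsite=ccapi.example.com cert=C:\squid\selfsigned.pem
cache_peer ccapi.example.com parent 443 0 no-query ssl sslcert=C:\payway\ccapi.pem login=PASS
"""

if __name__ == "__main__":
    for name, conf in (("first attempt", FIRST_ATTEMPT), ("corrected", CORRECTED)):
        print(name, lint(conf))
```

The `peer-not-verified` finding matters for this setup because the squid-to-payway leg is the one meant to run with the certificate verified.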

