On Wed, 2 Mar 2011 17:50:20 +0100, Leonardo wrote:
> Hi all,
> I have successfully set up a bridge on my Debian 5.0.5 with Squid
> 3.1.7 to tunnel http traffic.

? these two concepts do not overlap.
Do you have a bridge server with intercepting proxy on it?
OR a regular forward proxy doing tunneling?

> Through proxy chaining, my Squid
> connects to another non-Squid proxy.
> Would it be possible to do the same with https, or are there security
> issues related to Squid acting as a MITM?

With HTTP tunneling this is not a problem. Set "nonhierarchical_direct
off" in squid.conf. The tunnel will be diverted through the peer same as
it goes through the local Squid.
With bridging+intercept this is not possible.
MITM would be a bridge+intercept. So no, not possible with HTTPS.
We are slowly building Squid towards an architecture where non-HTTP
traffic is not broken in intercept mode. But this is going to take a lot
more work and time to achieve.
Amos
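
Added example, not part of the thread above: a check over Squid's native access.log that confirms CONNECT tunnels really leave through the parent proxy once "nonhierarchical_direct off" is set. The peer name, port, `cache_peer` line and log lines are constructed assumptions.

```python
# Added example (not from the original thread). Assumed squid.conf on the
# first proxy; the peer host and port are placeholders:
#   cache_peer parent.example.net parent 8080 0 no-query default
#   nonhierarchical_direct off
# The check reads Squid's native access.log format and sorts CONNECT
# tunnels by how they were forwarded.

# Constructed sample lines in the native access.log format:
# time elapsed client code/status bytes method URL ident hierarchy/host type
SAMPLE_LOG = """\
1299084620.101    812 192.0.2.10 TCP_MISS/200 5120 CONNECT mail.example.org:443 - DEFAULT_PARENT/parent.example.net -
1299084621.350    240 192.0.2.11 TCP_MISS/200 1840 GET http://www.example.org/ - DEFAULT_PARENT/parent.example.net text/html
1299084622.007    655 192.0.2.10 TCP_MISS/200 4096 CONNECT shop.example.org:443 - DIRECT/203.0.113.5 -
1299084623.440      0 192.0.2.12 TCP_DENIED/403 1200 CONNECT irc.example.org:6667 - NONE/- text/html
"""


def classify_connects(log_text):
    """Group CONNECT requests by the hierarchy code Squid logged for them."""
    result = {"peer": [], "direct": [], "not_forwarded": []}
    for line in log_text.splitlines():
        fields = line.split()
        # Skip short or malformed lines and every non-CONNECT method.
        if len(fields) < 10 or fields[5] != "CONNECT":
            continue
        target = fields[6]
        code, _, next_hop = fields[8].partition("/")
        if code.endswith("NONE"):
            # Denied or failed before any upstream connection was made.
            result["not_forwarded"].append(target)
        elif code.endswith("DIRECT"):
            # Matches DIRECT and the newer HIER_DIRECT: the peer was bypassed.
            result["direct"].append((target, next_hop))
        else:
            # Any other code (DEFAULT_PARENT, FIRSTUP_PARENT, ...) names a peer.
            result["peer"].append((target, code, next_hop))
    return result


if __name__ == "__main__":
    report = classify_connects(SAMPLE_LOG)
    for target, next_hop in report["direct"]:
        print(f"BYPASSED PEER: {target} went direct to {next_hop}")
    for target, code, next_hop in report["peer"]:
        print(f"via peer: {target} -> {next_hop} ({code})")
```

Any entry reported as bypassing the peer means that tunnel went from the local Squid straight to the destination, so the upstream proxy never saw it.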