On Wed, Mar 2, 2011 at 11:02 PM, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote:
> On Wed, 2 Mar 2011 17:50:20 +0100, Leonardo wrote:
>>
>> Hi all,
>>
>> I have successfully set up a bridge on my Debian 5.0.5 with Squid
>> 3.1.7 to tunnel http traffic.
>
> ? these two concepts do not overlap.
>
> Do you have a bridge server with intercepting proxy on it?
> OR a regular forward proxy doing tunneling?

Sorry, forgot to specify. It's a transparent (=intercepting) proxy on a bridge server, built as described in http://freshmeat.net/articles/configuring-a-transparent-proxywebcache-in-a-bridge-using-squid-and-ebtables . (The article refers to an older version of Squid; I adapted squid.conf for my newer version.)

>
>> Through proxy chaining, my Squid
>> connects to another non-Squid proxy.
>> Would it be possible to do the same with https, or are there security
>> issues related to Squid acting as a MITM?
>
> With HTTP tunneling this is not a problem. Set "nonheirarchichal_direct off"
> in squid.conf. The tunnel will be diverted through the peer same as it goes
> through the local Squid.
>
> With bridging+intercept this is not possible.
>
> MITM would be a bridge+intercept. So no, not possible with HTTPS.
>
> We are slowly building squid towards an architecture where non-HTTP traffic
> is not broken in intercept mode. But this is going to take a lot more work
> and time to achieve.
>
> Amos

That's too bad, but thanks a lot anyway for your answer. I look forward to this new coming-not-so-soon feature.

L.