Re: Reverse proxy with HTTPS


On 14/06/11 03:14, Alejandro Cabrera Obed wrote:
> Dear, I have a Debian + Squid proxy reverse machine working very well
> for HTTP internal sites.
>
> But now I have to set up a reverse resolution for an HTTPS external site
> on a non-default port:
>
> https://www.company.com:7000
>
>
> Nowadays the Debian+Squid box has http and https proxy set up to get
> Internet sites:
>
> export http_proxy=http://10.1.1.1:3128
> export https_proxy=http://10.1.1.1:3128
>
> (10.1.1.1 is our company proxy)
>
>
> So how can I implement an HTTPS reverse site with Squid in my scenario ???

Assuming you still have the basic security in place, your proxy will be locked down as to which ports it can blindly relay HTTPS to.

Normally you would just add this:
  acl SSL_ports port 7000

BUT... port 7000 is one of the common ports used by IRC (think botnet master C&C servers).
So I will advise a bit more strictness. Like so:

 ...
 acl SSL_ports port 443 7000
 # already in squid.conf:
 http_access deny CONNECT !SSL_ports

 acl ABC dstdomain .example.com
 acl port7000 port 7000
 http_access deny CONNECT port7000 !ABC
 ...


Amos
--
Please be using
  Current Stable Squid 2.7.STABLE9 or 3.1.12
  Beta testers wanted for 3.2.0.9 and 3.1.12.3
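
Added example (not part of the original post or of Squid): a small Python model of Squid's first-match `http_access` evaluation, run over the rules from the reply to show which CONNECT requests they refuse. It covers only the `method`, `port` and `dstdomain` ACL types; the `acl CONNECT method CONNECT` line (from the default squid.conf), the final `http_access allow all` (a stand-in for the site's own allow rules), the host `chat.test` and the function names are assumptions.

```python
# Constructed squid.conf fragment: the reply's rules plus two assumed lines.
CONF = """\
acl CONNECT method CONNECT
acl SSL_ports port 443 7000
http_access deny CONNECT !SSL_ports
acl ABC dstdomain .example.com
acl port7000 port 7000
http_access deny CONNECT port7000 !ABC
http_access allow all
"""

def parse(conf):
    """Collect acl definitions and the ordered http_access rules."""
    acls, rules = {}, []
    for line in conf.splitlines():
        tok = line.split()
        if tok[:1] == ["acl"]:
            acls.setdefault(tok[1], (tok[2], []))[1].extend(tok[3:])
        elif tok[:1] == ["http_access"]:
            rules.append((tok[1], tok[2:]))
    return acls, rules

def acl_matches(acls, name, method, host, port):
    if name == "all":                      # built-in ACL in Squid 3.x
        return True
    kind, vals = acls[name]
    if kind == "method":
        return method in vals
    if kind == "port":                     # single ports or lo-hi ranges
        return any(int(v.split("-")[0]) <= port <= int(v.split("-")[-1]) for v in vals)
    if kind == "dstdomain":                # ".d" matches d and its subdomains
        host = host.lower().rstrip(".")
        return any(host == v.lstrip(".") or (v.startswith(".") and host.endswith(v))
                   for v in (x.lower() for x in vals))
    raise ValueError("ACL type not modelled: " + kind)

def decide(conf, method, host, port):
    """First http_access line whose ACLs all match wins."""
    acls, rules = parse(conf)
    for action, terms in rules:
        if all(acl_matches(acls, t.lstrip("!"), method, host, port) != t.startswith("!")
               for t in terms):
            return action
    # No match: Squid applies the opposite of the last rule (deny if none).
    return "allow" if rules and rules[-1][0] == "deny" else "deny"

if __name__ == "__main__":
    for host, port in [("www.example.com", 7000), ("chat.test", 7000), ("www.example.com", 8080)]:
        print(host, port, decide(CONF, "CONNECT", host, port))
```

Removing the `http_access deny CONNECT port7000 !ABC` line from `CONF` turns the `chat.test:7000` result into `allow`, which is the open relay to port 7000 that the stricter rule closes.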

