On 12/07/2013 7:52 p.m., Hubeli Daniel wrote:
Hi all, I'm posting for an ssl/acl problem. In my configuration I have 2 proxies, 1 internal proxy (used by internal users) that serves internal websites and that escalates (cache_peer) to another proxy (external) when it needs to go outside. My problem is that an internal server now needs to reach an external website (via SSL/HTTPS) but I need to filter the access on just some paths (the internal server will contact the internal squid that should use the cache_peer to reach the "external" site). From what I've learnt about squid the way to filter paths with HTTPS protocol is to use ssl_bump directive. Actually I've already configured the internal squid with ssl_bump (I've just upgraded to 3.3.7):
The best solution is to have that internal Server send the requests as normal HTTP requests to Squid. Squid is perfectly capable of taking HTTP traffic and wrapping it inside SSL to form HTTPS traffic on the Internet connections (see the sslproxy_* squid.conf directives). If you need the extra security of an SSL link between that server and Squid then open an SSL/TLS connection to Squid https_port and send the requests as normal HTTP requests inside that.
Amos
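A squid.conf sketch of the approach described in the reply above, added here as an example and not taken from the thread or from either poster's configuration. The address, hostname, path prefix, ports and file paths are placeholders, and the existing cache_peer routing is assumed unchanged and left out.

```conf
# --- Listening ports on the internal Squid (port numbers are placeholders) ---
# Plain HTTP from the internal server:
http_port 3128
# Optional TLS link between the internal server and Squid; the server opens
# TLS to this port and sends ordinary HTTP proxy requests inside it.
https_port 3129 cert=/etc/squid/proxy-cert.pem key=/etc/squid/proxy-key.pem

# --- Who may reach what (all values are placeholders) ---
acl appserver src 192.0.2.10/32
acl extsite dstdomain api.example.com
# Path filtering works because the server sends the full URL, e.g.
#   GET https://api.example.com/service/v1/status HTTP/1.1
# instead of CONNECT api.example.com:443, so Squid sees the path in cleartext.
acl allowed_paths urlpath_regex ^/service/v1/
acl CONNECT method CONNECT

# A CONNECT tunnel would hide the path from urlpath_regex, so this client
# is not allowed to open one.
http_access deny appserver CONNECT
http_access allow appserver extsite allowed_paths
http_access deny appserver

# --- Outbound TLS, applied where Squid itself connects to the origin ---
# CA bundle used to verify the origin's certificate (path is a placeholder).
sslproxy_cafile /etc/ssl/certs/ca-bundle.crt
# Weak setting to avoid: disables origin certificate verification entirely.
# sslproxy_flags DONT_VERIFY_PEER
```

Place the three `appserver` rules before the general allow rules for internal users, since http_access lines are evaluated in order and the first match wins.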