Search squid archive

Re: question about encrypted connection between https client and Squid

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



02.03.15 2:55, Eliezer Croitoru пишет:
> Hey Yuri,
> 
> On 01/03/2015 20:17, Yuri Voinov wrote:
>> Normally you never use CONNECT method over HTTP ports. This is 
>> prohibited by squid basic security requirements.
> 
> The above statement is true only if the proxy admin prohibit this. 
> A CONNECT method can be allowed and can be used for any purpose
> what so ever the admin of the server sees right. There are basic
> default settings which allows the usage of a CONNECT method only to
> access specific "ssl safe ports".

Sure. But this is best option for newbies.

> 
> The "right" way (if these one) to access squid using an encrypted 
> channel would be throw either a tunnel or another proxy which can 
> forward the request into squid. If the client supports encrypted
> proxy connection you can try to use squid 3.5.2 and a combination
> of haproxy in-front.

Will can. When it will completely functional with interception bumping.

> On the haproxy use a ssl based listening port while between haproxy
> to the squid service you would need to use an unencrypted channel. 
> Then you can use haproxy PROXY protocol to let squid know what is
> the client src IP address.

This is environment-specific and non-common.

> 
> All The Bests, Eliezer
> 
> * I did not tested this feature yet but it is on my todo list, for
> now 3.5.2 seems very stable. 
> _______________________________________________ squid-users mailing
> list squid-users@xxxxxxxxxxxxxxxxxxxxx 
> http://lists.squid-cache.org/listinfo/squid-users
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBAgAGBQJU834QAAoJENNXIZxhPexGiaoIAK2QPyX8iCoSqUyDtBE6j6wN
hx/3gtSYtC697YmqQjti/U1X1F++eSjh8xgLi0Qna9jAyRkN7P9VkJHDqM1CL09g
VXqB8sLBxSFH7RBWOl0ytVHtvyiIC0FSafNxlXONJb1lRXxo5cH6zHw4CK+vrdvM
ZUZIBrfzAvK69yMw97mPwl+RdZxFrAQHSFbu4TrycAr0zaxHM8BGZwhCBjNluJ1M
rGVqLDiu0wi9EMdiYNpn6pvCFzc77+Lsui2XdHxN0ztcumOLgveLVq8dMsm6KcGc
yKwchfW/ATg/krCO4pgdpkX59ttBRKT1WFTpE8IDA16cg/olOCaDGvMTMWYpSsU=
=31rK
-----END PGP SIGNATURE-----
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux