On 14/04/2015 11:57 p.m., Abdelouahed Haitoute wrote: > > There are two thing I haven’t realized in the development > environment, because I don’t know how: > 1. Making the Squid 3.1.10 to use a proxy system, because that’s our > policy to communicate to the outside world. In apache we use the > following directive: “ProxyRemote https http://192.168.68.102:3128 > <http://192.168.68.102:3128/>" In squid.conf: cache_peer 192.168.68.102 parent 3128 0 > > 2. Making the configuration variable as much as possible. So the > Squid 3.1.10 handles all different http client requests to different > https servers and send them as a https two-way ssl. Currently it > only handles request for https.example.com > <http://https.example.com/>. Use the sslproxy_* directives instead of cache_peer. However you have two problems: Problem A) requirements #1 and #2 above are mutually exclusive. Obeying #1 involves sending traffic from Squid to the parent proxy for action. Obeying #2 involves opening direct TLS connections from Squid to the origin servers. Problem B) Translating between http:// and https:// is explicitly forbidden in both HTTP and HTTPS protocol security requirements. Squid does not permit that highly dangerous action to be taken. However there are several other possibilities depending on what you actually need done. Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
