On 14/04/2015 11:57 p.m., Abdelouahed Haitoute wrote:
There are two thing I haven’t realized in the development
environment, because I don’t know how:
1. Making the Squid 3.1.10 to use a proxy system, because that’s our
policy to communicate to the outside world. In apache we use the
following directive: “ProxyRemote https http://192.168.68.102:3128
<http://192.168.68.102:3128/>"
In squid.conf:
cache_peer 192.168.68.102 parent 3128 0
2. Making the configuration variable as much as possible. So the
Squid 3.1.10 handles all different http client requests to different
https servers and send them as a https two-way ssl. Currently it
only handles request for https.example.com
<http://https.example.com/>.
Use the sslproxy_* directives instead of cache_peer.
However you have two problems:
Problem A)
requirements #1 and #2 above are mutually exclusive.
Obeying #1 involves sending traffic from Squid to the parent proxy for
action.
Obeying #2 involves opening direct TLS connections from Squid to the
origin servers.
Problem B)
Translating between http:// and https:// is explicitly forbidden in
both HTTP and HTTPS protocol security requirements.
Squid does not permit that highly dangerous action to be taken. However
there are several other possibilities depending on what you actually
need done.
Amos
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxxhttp://lists.squid-cache.org/listinfo/squid-users