Search squid archive

Re: Squid reverse proxy with SSL bump

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 8/09/2015 6:45 p.m., joseph jose wrote:
> Hi,
> 
> I have tested squid reverse proxy mode and squid SSL bump both were
> successful and working fine.
> 
> Is it possible to configure a squid reverse proxy with SSL-bump enabled?

The concept does not make any sense.
 * accel / revers-proxy traffic is destined to and terminated by the proxy.
 * ssl-bump is a pile of trickery and hacks to intercept traffic
destined to somewhere else.

What is a web server that MITM's traffic destined to itself? broken.


Squid does (and always has done) normal regular HTTPS reverse-proxy:

 https_port 443 accel cert=...

But there is not yet support for SNI. So virtual hosted HTTPS is not
supported. We are still stuck with the old one IP:port per domain limit
for a while yet.


> 
> I tried configuring a squid instance in reverse proxy to bump specific
> domain traffic using following config line(clubbing both reverse proxy and
> SSL bump config directives)
> 
> acl ssl_bumping dstdomain testsquid.com
> ssl_bump server-first ssl_bumping
> sslproxy_cert_error allow ssl_bumping
> sslproxy_flags DONT_VERIFY_PEER
> sslcrtd_program /usr/local/squid/libexec/ssl_crtd -s
> /usr/local/squid/var/lib/ssl_db -M 4MB
> 
> http_port 3128 accel defaultsite=testsquid.com vhost vport ssl-bump
> generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=<cert>
> cache_peer <webserverIP> parent <port> 0 no-query originserver
> name=squidtest
> 
> But squid is logging CONNECT error:method-not-allowed. Am i missing
> something in my config?.
> 
> Does squid works in reverse proxy mode with SSL bump enabled?

No.


Amos

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users




[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux