[please reply via the mailing list] On 23/03/2016 12:22 a.m., Ģirts Dālbergs wrote: > Thank you for your reply. > I already had an exchange of mails with Benjamin, but you seem a little > more knowing in this particular topic. > Since I`m not the most knowing person in this myself I need to ask > further questions. Would "plugging" the software in squid provide an > inline setup? Yes the way you have been describing the "inline setup" that you want it reads exactly as if you were describing how ICAP works. By "plugging into Squid" with ICAP I mean setting some squid.conf directives to tell Squid were to send the traffic through its ICAP interface (and what to send that way). > In other words could the software forward the traffic back > to squid and act like a sort of transparent proxy inside squid? And > would the traffic be encrypted at that point? The SSL-Bump feature of Squid decrypts TLS on arrival, and re-encrypts when sending to the upstream HTTP server. What can be decrypted is unencrypted when sent to ICAP and/or eCAP. If the TLS/SSL cannot be "Bumped" by Squid (or you choose to configure Squid not to for any reason). Then that traffic is not sent through the ICAP/eCAP services. Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
