We have been using squid in accelerator mode for a number of years. In the current setup we have the squid frontends that send all the http requests to the backend apache webservers using a simple redirect script. We need to switch to https for the public presence. So, our initial thought would be to use https_port for public HTTPS presence and send the requests using cache_peer to the backend apache servers using plain http. Basically terminating HTTPS from clients and relaying it to backend servers using HTTP. We will need to implement HSTS at some point (i.e. Strict-Transport-Security: max-age=8888; includeSubDomains; preload), will we be able to do this in the above scenario? Also, we will initially be providing both http and https, but will need to stop http at some point. Is there a way to redirect the clients that try to connect via http to use https with squid? Something like the rewrite engine in apache? We use RH 6.x which comes with squid 3.1. Thanks for any feedback. _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
