Thanks for your reply. So the same proxy certificate will be expose for all the requests even though we are sending more requests through load-balancing of more IP addresses from the server which will be an anonymity risk? On Fri, Dec 29, 2017 at 3:17 PM, Matus UHLAR - fantomas <uhlar@xxxxxxxxxxx> wrote: > On 29.12.17 12:38, Sekar Duraisamy wrote: >> >> "To cache encryption protected content you must first remove the >> encryption. That destroys the "anonymous" part completely." >> >> Could you please provide little more details about this line about it >> destroys the anonymous while we decrypt the encryption and enable >> caching for https? > > > the whole point of SSL and HTTPS is that nobody between client (browser) and > the final server knows what's inside. This logically prevents caching, since > you can not know what is the content you are transferring, so you can't know > if you can provide the contant from cache. > > you need to break into https - behave as the final server, provide your > own certificate instead (because you can't fake the real server's) and look > into content. > > Note that many clients will complain about your certificate - you need to > import your proxy's certificate to clients' browsers to avoid that, > > and still, some clients will detect that they are not communicating to > final server and refuse to work (this has been reported a few times here). > >> https caching for anonymous proxy is not recommended? > > > your customer may look anonymous to the world (hidden behind your proxy) > even without breaking HTTPS. > But by decrypting https they will lose privacy. > > -- > Matus UHLAR - fantomas, uhlar@xxxxxxxxxxx ; http://www.fantomas.sk/ > Warning: I wish NOT to receive e-mail advertising to this address. > Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. > Windows found: (R)emove, (E)rase, (D)elete > > _______________________________________________ > squid-users mailing list > squid-users@xxxxxxxxxxxxxxxxxxxxx > http://lists.squid-cache.org/listinfo/squid-users _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
