On 10/10/18 11:37 AM, Alex Rousskov wrote:
>
> Please note that if you want to rewrite URLs of secure web sites (e.g.,
> "https://example.com/"), then you will be fighting an increasingly
> uphill battle with modern browsers, even if Squid can do (or can be
> enhanced to do) what you want. In many cases, an overall better solution
> in that case is to rewrite those secure URLs inside the browser instead,
> even though that approach often requires instrumenting several browsers
> that increasingly resist instrumentation (i.e. another uphill battle
> with popular browsers!).
>

One other thing to consider here is whether the user+pass have to be
sent in the URL at all.

If possible, it would be better to use a cache_peer connection that
sends HTTP authentication headers to the upstream server. That gives you
the ability to "internally" use the more secure forms of TLS which cannot be
MITM'd for the connection containing credentials.

Alternatively, you may be able to send a custom header with the
http_header_add mechanism with a custom value to the origin server for
processing.

Amos
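
A squid.conf sketch of the two alternatives suggested in the reply above, added here as an illustration and not taken from the thread or the Squid project. The host name, account, secrets and header name are constructed placeholders; the header is added with Squid's request_header_add directive, and the peer is assumed to be treated as the origin server for that host.

```squidconf
# Constructed placeholders: upstream.example.com, svc-user,
# PLACEHOLDER_PASSWORD, X-Upstream-Token, PLACEHOLDER_TOKEN.
acl to_upstream dstdomain upstream.example.com

# Alternative 1: a TLS-protected peer link. login= makes Squid send the
# credentials as an HTTP Basic Authorization header on that link, so they
# never appear in the URL. ("tls" is the Squid 4 option name; older
# releases call it "ssl".)
cache_peer upstream.example.com parent 443 0 no-query originserver tls login=svc-user:PLACEHOLDER_PASSWORD name=upstream
cache_peer_access upstream allow to_upstream
cache_peer_access upstream deny all

# Never fall back to a direct connection that would skip the peer settings.
never_direct allow to_upstream

# Alternative 2: a custom request header, added only for that destination,
# which the origin server checks instead of URL-embedded credentials.
request_header_add X-Upstream-Token "PLACEHOLDER_TOKEN" to_upstream
```

Either way the secret now lives in squid.conf, so that file should be readable only by the account Squid runs as.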