Re: Does Squid support client ssl termination?


On 10/31/22 7:32 PM, mingheng wang wrote:
> Sorry about that, don't know why it only went to you.

Things happen. That's why I let people know, in case unwanted things did happen.

> I delved into the configuration the last few days, and found that Squid doesn't officially support cache_peer when ssl_bump is in use.

That surprises me.  I wonder if it's a technical limitation or an oversight.

> Actually, I can't find a single tool in the market that can just encrypt any HTTP connection, "converting" it to an HTTPS connection. I'm reading RFCs and documentation to write my own proxy.

That really surprises me.

It's not a general proxy, but this seems like something that stunnel will do. (Either direction HTTPS <-> HTTP and HTTP <-> HTTPS.)

> This is what still confuses me. A reverse proxy is supposed to proxy a web site. At least that's what I learnt from Nginx and Haproxy's documentation. I'll read more on this when I have time.

I think of forward and reverse proxies as doing quite similar things with the primary difference being where in the path they are and how many sites will be accessed.

Forward:  (C)---(P)---(Big Bad Internet)---------(S)
Reverse:  (C)---------(Big Bad Internet)---(P)---(S)

Both take requests from clients and pass them to (what the proxy thinks is) the server.

But with the forward proxy interfacing between relatively few clients and significantly more servers.

Conversely the reverse proxy interfaces with significantly more clients and relatively few servers.

The reverse proxy tends to be explicitly configured where servers are while the forward proxy relies on standard name resolution to find them, usually DNS.

So, on one level, what the forward and reverse proxy do is similar, but how they do it is subtly different.

Then there's this:

   Both:  (C)---(P)---(Big Bad Internet)---(P)---(S)

Where in both a client side forward proxy /and/ a server side reverse proxy are in use. }:-) This really is just both technologies being independently used at each end.

> Very tough network environment. They can even somehow detect a confidential file going through the gateway, even with TLS.

I'm not going to ask questions.



--
Grant. . . .
unix || die
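
The stunnel approach mentioned in the reply above, sketched for both directions as an added example (not part of the original message and not Squid project configuration). Hostnames, ports and file paths are placeholders; option names are those of stunnel 5.x.

```ini
; Constructed stunnel configuration; all hosts, ports and paths are placeholders.

; HTTP -> HTTPS: local clients speak plain HTTP to 127.0.0.1:8080 and
; stunnel opens a TLS connection to the real server on their behalf.
[http-to-https]
client = yes
accept = 127.0.0.1:8080
connect = www.example.com:443
sni = www.example.com
; Without the next three options stunnel encrypts the connection but does
; not authenticate the peer, so any on-path host could answer as the server.
verifyChain = yes
CAfile = /etc/ssl/certs/ca-certificates.crt
checkHost = www.example.com

; HTTPS -> HTTP: TLS clients connect to port 443, stunnel terminates TLS
; and forwards the plaintext stream to a local HTTP server.
[https-to-http]
accept = 443
connect = 127.0.0.1:80
cert = /etc/stunnel/server.pem
key = /etc/stunnel/server.key
```

stunnel relays the TCP byte stream and does not parse or rewrite HTTP, so the client must still send the `Host` header the real server expects, and each service section reaches exactly one fixed destination.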
