Search squid archive

Re: Rewriting HTTP to HTTPS for generic package proxy

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



The idea behind was to find a way to cache packages from a repository that only provides HTTPS-based connections. It would work, when the HTTPS connection terminates at the Squid Proxy and not at the client, so that the proxy can forward the message payload to the client using normal HTTP. Apt-Cacher-NG implements the behavior, but it seems to be too buggy to use in a productive environment.

There is no way to achieve that with standard Squid mechanisms?

Regards,
Christoph


>-----Ursprüngliche Nachricht-----
>Von: squid-users <squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx> Im Auftrag von Amos Jeffries
>Gesendet: Mittwoch, 10. Juli 2024 11:42
>An: squid-users@xxxxxxxxxxxxxxxxxxxxx
>Betreff: Re:  Rewriting HTTP to HTTPS for generic package proxy
>
>On 10/07/24 10:25, Fiehe, Christoph wrote:
>> Hallo,
>>
>> I hope that somebody has an idea, what I am doing wrong. I try to build a generic
>package proxy with Squid and need the feature to rewrite (not redirect) a HTTP request to
>a package repository transparently to a HTTPS-based package source.
>
>The "Wrong" starts with the very idea you have that re-writing a URL
>scheme is even useful.
>
>
>While it mas *seem* like an okay idea, what you are actually doing is
>exposing the HTTPS secured Response message to transmission over
>insecure connections from Squid to client. That is prohibited by HTTPS
>which assumes/requires encryption negotiated between the origin client
>and the origin server.
>
>
>The best you can do for a regular proxy. Is *redirect* the http://
>requests with a 302 message telling the client to use https:// instead.
>
>
>   ...
>   http_access deny !to_archive_mirrors
>
>   acl HTTP proto HTTP
>   deny_info 302:https://%>rd%rp HTTP
>   http_access deny HTTP
>
>   http_access allow src_networks
>   ...
>
>
>
>HTH
>Amos
>
>_______________________________________________
>squid-users mailing list
>squid-users@xxxxxxxxxxxxxxxxxxxxx
>https://lists.squid-cache.org/listinfo/squid-users
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.squid-cache.org/listinfo/squid-users




[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux