[squid-users] Add header to SSL requests to my own domain using my domains certs

Yuri Voinov yvoinov at gmail.com
Sun Feb 15 22:37:37 UTC 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

http://wiki.squid-cache.org/ConfigExamples/Intercept/SslBumpExplicit

16.02.15 4:02, James Beecham пишет:
> Hello,
> 
> Thank you to everyone who works on this great project! I have been
> using Squid as an intercept for a while now and am very happy.
> 
> I have a high level question regarding SSL_Bump.
> 
> My company recently switched to using SSL for our web services,
> which requires me to make some changes to the way that we use
> Squid.
> 
> I have a need to place a header value into requests coming to our
> own domain (ex. https://www.myhost.com) for proper usage. Before
> using SSL I was using request_header_add without any issues and
> getting perfect performance. Now with SSL I still need to get a
> header value into the requests to our domain.
> 
> I do not wish to bump/inspect all traffic over 443, I only wish to
> add a header to request to my own domain. Since I am the domain
> admin I have access to the certs from the CA. I understand how acls
> work and am not concerned about setting this up.
> 
> I would like to know what you all think about using our domains
> actual certs (www.myhost.com) to bump only that domain and add the
> header field that I need. Will this allow me to modify the header
> without the client knowing or their browser telling them about man
> in the middle? My knowledge of SSL/TLS is low but growing
> everyday.
> 
> Thank you for your attention and please ask more questions if my
> situation is not clear.'
> 
> James
> 
> 
> 
> _______________________________________________ squid-users mailing
> list squid-users at lists.squid-cache.org 
> http://lists.squid-cache.org/listinfo/squid-users
> 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBAgAGBQJU4R+xAAoJENNXIZxhPexGap0IAI8I9aimys3+1pdZAPWYtxDQ
N4Otv7Lz8rJx+TJGITgHbsvg5l09plilGLz2LmA05IkqpSOEtEGVQMUusx8sI/kH
G9fPlY0r1MD2IUs5nKD9HK/oqZ2FhUceJG+XLs1tKCsPgMLSmIiEzGg4oM2pZEzw
h3kH2b8hP7BHUWh2TtPkpjxVT37wFfJ+mX87M2F47Fz7Dc9149g/bugDo9yk4WjY
9Nx/zHahDLK4PCwgKySQZOHFyK0NNH52R6kBDNcILnUrvuCzp0yGbIxPCD2AuS4U
bMj4J+e+o8eqrwAw63/vVDtC2yoGUlYW6z5KuxbYZbBSTq4fJW2lk+5N5lmWmu0=
=lPPU
-----END PGP SIGNATURE-----


More information about the squid-users mailing list