[squid-users] question about encrypted connection between https client and Squid
Eliezer Croitoru
eliezer at ngtech.co.il
Sun Mar 1 20:55:45 UTC 2015
Hey Yuri,
On 01/03/2015 20:17, Yuri Voinov wrote:
> Normally you never use CONNECT method over HTTP ports. This is
> prohibited by squid basic security requirements.
The above statement is true only if the proxy admin prohibits this.
A CONNECT method can be allowed and can be used for any purpose whatsoever
the admin of the server sees right.
There are basic default settings which allow the usage of a CONNECT
method only to access specific "ssl safe ports".
The "right" way (if there is one) to access squid using an encrypted
channel would be through either a tunnel or another proxy which can
forward the request into squid.
If the client supports encrypted proxy connections you can try to use
squid 3.5.2 and a combination of haproxy in front.
On the haproxy use an ssl based listening port, while between haproxy and
the squid service you would need to use an unencrypted channel.
Then you can use the haproxy PROXY protocol to let squid know what the
client src IP address is.
All the best,
Eliezer
* I did not test this feature yet but it is on my todo list, for now
3.5.2 seems very stable.
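
Added example, not part of the original message and not Squid or haproxy code: what the PROXY protocol (version 1, text form) puts on the unencrypted hop so the backend learns the client src IP, and why the backend should accept that header only from the fronting proxy. The function names, TRUSTED_SENDERS and all addresses are assumptions constructed for illustration.

```python
import ipaddress

# Assumption: the only peer allowed to send a PROXY header is a local haproxy.
TRUSTED_SENDERS = [ipaddress.ip_network("127.0.0.1/32")]
MAX_V1_HEADER = 107  # longest v1 line the PROXY protocol spec allows, CRLF included


def build_v1_header(src, dst, sport, dport):
    """Line the fronting proxy prepends to the stream before the client's bytes."""
    fam = "TCP6" if ipaddress.ip_address(src).version == 6 else "TCP4"
    return f"PROXY {fam} {src} {dst} {sport} {dport}\r\n".encode("ascii")


def client_address(peer_ip, stream):
    """Return (client_ip, remaining_bytes) as the backend should see them."""
    peer = ipaddress.ip_address(peer_ip)
    if not any(peer in net for net in TRUSTED_SENDERS):
        # Anyone else could claim an arbitrary source address in the header.
        raise PermissionError(f"PROXY header not accepted from {peer_ip}")
    end = stream.find(b"\r\n", 0, MAX_V1_HEADER)
    if not stream.startswith(b"PROXY ") or end == -1:
        raise ValueError("missing or oversized PROXY v1 header")
    fields = stream[:end].decode("ascii").split(" ")
    rest = stream[end + 2:]
    if fields[1] == "UNKNOWN":
        return peer_ip, rest  # sender could not tell; fall back to the TCP peer
    if len(fields) != 6 or fields[1] not in ("TCP4", "TCP6"):
        raise ValueError("malformed PROXY v1 header")
    src, dst = ipaddress.ip_address(fields[2]), ipaddress.ip_address(fields[3])
    want = 4 if fields[1] == "TCP4" else 6
    if src.version != want or dst.version != want:
        raise ValueError("address family mismatch")
    for port in fields[4:6]:
        if not port.isdigit() or not 0 <= int(port) <= 65535:
            raise ValueError("bad port")
    return str(src), rest


# Constructed sample: bytes the backend would read on the plain-text hop.
SAMPLE_REQUEST = b"CONNECT example.com:443 HTTP/1.1\r\n\r\n"
SAMPLE_WIRE = build_v1_header("192.0.2.44", "198.51.100.7", 51234, 3128) + SAMPLE_REQUEST

if __name__ == "__main__":
    print(client_address("127.0.0.1", SAMPLE_WIRE))
```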