[squid-users] question about encrypted connection between https client and Squid

Yuri Voinov yvoinov at gmail.com
Sun Mar 1 21:01:04 UTC 2015


02.03.15 2:55, Eliezer Croitoru wrote:
> Hey Yuri,
> On 01/03/2015 20:17, Yuri Voinov wrote:
>> Normally you never use CONNECT method over HTTP ports. This is 
>> prohibited by squid basic security requirements.
> The above statement is true only if the proxy admin prohibits this. 
> A CONNECT method can be allowed and can be used for any purpose
> whatsoever the admin of the server sees right. There are basic
> default settings which allow the usage of a CONNECT method only to
> access specific "ssl safe ports".

Sure. But this is the best option for newbies.

> The "right" way (if there is one) to access squid using an encrypted 
> channel would be through either a tunnel or another proxy which can 
> forward the request into squid. If the client supports encrypted
> proxy connections you can try to use squid 3.5.2 and a combination
> of haproxy in front.

Will can. When it will be completely functional with interception bumping.

> On the haproxy use an ssl based listening port, while between haproxy
> and the squid service you would need to use an unencrypted channel. 
> Then you can use haproxy PROXY protocol to let squid know what is
> the client src IP address.

This is environment-specific and non-common.

> All The Bests, Eliezer
> * I did not test this feature yet but it is on my todo list, for
> now 3.5.2 seems very stable. 
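The quoted suggestion relies on the PROXY protocol to carry the real client address across the unencrypted hop between haproxy and Squid. The following is an added example, not part of this thread and not Squid or haproxy code: a Python sketch of how a receiver can parse a PROXY protocol header and accept it only from a trusted front end. It assumes the version 1 (text) form of the header; the function name, the trusted-sender list and the sample bytes are constructed for illustration.

```python
import ipaddress

MAX_V1_HEADER = 107  # longest allowed v1 header line, CRLF included

# Constructed sample: what a front end would send ahead of the client's request.
SAMPLE = (b"PROXY TCP4 203.0.113.7 192.0.2.10 51234 3128\r\n"
          b"CONNECT example.org:443 HTTP/1.1\r\n\r\n")

def parse_proxy_v1(data, peer_ip, trusted_senders):
    """Return (client_ip, client_port, remaining_bytes).

    peer_ip is the TCP peer that connected to the proxy. The header is
    honoured only when that peer is a trusted front end; otherwise any
    client could claim an arbitrary source address.
    """
    peer = ipaddress.ip_address(peer_ip)
    if not any(peer in ipaddress.ip_network(n) for n in trusted_senders):
        raise PermissionError("PROXY header from untrusted peer " + peer_ip)
    # The terminating CRLF must fall inside the first 107 bytes.
    end = data.find(b"\r\n", 0, MAX_V1_HEADER)
    if not data.startswith(b"PROXY ") or end == -1:
        raise ValueError("missing or oversized PROXY v1 header")
    fields = data[:end].decode("ascii").split(" ")
    rest = data[end + 2:]
    if fields[1] == "UNKNOWN":
        return None, None, rest  # sender could not determine the addresses
    if fields[1] not in ("TCP4", "TCP6") or len(fields) != 6:
        raise ValueError("malformed PROXY v1 header")
    family = 4 if fields[1] == "TCP4" else 6
    src = ipaddress.ip_address(fields[2])
    dst = ipaddress.ip_address(fields[3])
    if src.version != family or dst.version != family:
        raise ValueError("address family does not match " + fields[1])
    if not (fields[4].isdigit() and fields[5].isdigit()):
        raise ValueError("non-numeric port")
    sport, dport = int(fields[4]), int(fields[5])
    if sport > 65535 or dport > 65535:
        raise ValueError("port out of range")
    return str(src), sport, rest

if __name__ == "__main__":
    print(parse_proxy_v1(SAMPLE, "127.0.0.1", ["127.0.0.1/32"]))
```

Because this hop is unencrypted, the trusted-sender list should contain only the front end's own address (loopback in this sketch).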

