[squid-users] question about encrypted connection between https client and Squid
yvoinov at gmail.com
Sun Mar 1 21:01:04 UTC 2015
-----BEGIN PGP SIGNED MESSAGE-----
02.03.15 2:55, Eliezer Croitoru пишет:
> Hey Yuri,
> On 01/03/2015 20:17, Yuri Voinov wrote:
>> Normally you never use CONNECT method over HTTP ports. This is
>> prohibited by squid basic security requirements.
> The above statement is true only if the proxy admin prohibit this.
> A CONNECT method can be allowed and can be used for any purpose
> what so ever the admin of the server sees right. There are basic
> default settings which allows the usage of a CONNECT method only to
> access specific "ssl safe ports".
Sure. But this is best option for newbies.
> The "right" way (if these one) to access squid using an encrypted
> channel would be throw either a tunnel or another proxy which can
> forward the request into squid. If the client supports encrypted
> proxy connection you can try to use squid 3.5.2 and a combination
> of haproxy in-front.
Will can. When it will completely functional with interception bumping.
> On the haproxy use a ssl based listening port while between haproxy
> to the squid service you would need to use an unencrypted channel.
> Then you can use haproxy PROXY protocol to let squid know what is
> the client src IP address.
This is environment-specific and non-common.
> All The Bests, Eliezer
> * I did not tested this feature yet but it is on my todo list, for
> now 3.5.2 seems very stable.
> _______________________________________________ squid-users mailing
> list squid-users at lists.squid-cache.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
-----END PGP SIGNATURE-----
More information about the squid-users