[squid-users] Reverse proxy caching from SSL cache_peer depending on urlpath_regex
manuelfgarcia at reconmail.com
Thu Oct 8 22:42:00 UTC 2015
I am thinking about the idea of using Squid as a reverse proxy on https
(also on http), doing some caching and connecting to an SSL cache_peer and a
non-SSL cache_peer depending on the address (e.g. login-related addresses
would use the SSL cache_peer).

The goal is to make the browsing experience of the website faster by not
encrypting and decrypting, on both the reverse proxy and the webserver,
requests that do not need to be secured on the reverse proxy-webserver side.

Of course this could also be done on part of the server-client connections,
but it would cause a lot of problems, such as web browser alerts when changing
from HTTPS to HTTP, similar alerts because of partial content on HTTPS, HTTP
being worse for SEO too, safety risks sending login POST data from HTTP
to HTTPS, etc.

This approach raises the following questions, and I would like to
confirm my thoughts:

- Can Squid acting as a reverse proxy deal with caching with SSL similarly
to how it does without SSL? In any combination: https_port accel and
cache_peer ssl; https_port accel and cache_peer (not ssl); http_port accel
and cache_peer ssl; http_port and cache_peer (not ssl)?
My understanding is that, yes, it can do it and that Squid gets the content
from the cache_peer (encrypted if ssl), decrypts it if encrypted and always
stores it unencrypted. Am I right?

- Can Squid use an SSL cache_peer just for specific addresses of the same
website/domain and a non-SSL cache_peer for the rest of the addresses on the
My understanding is that such a thing would be possible by setting up those two
differently named cache_peers, one on port 443 with the ssl option and the
other on port 80, and then using acl urlpath_regex to choose which cache_peer
to use. Is that correct?
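The layout the message asks about, written out as a squid.conf fragment. This is an added example, not part of the original post; the site name, origin address, certificate paths, peer names and path pattern are all assumed placeholders.

```conf
# Added example for Squid 3.x accelerator (reverse proxy) mode.
# www.example.com, 192.0.2.10, the certificate paths, the peer names
# and the path regex are constructed placeholders, not values from the post.

# Client side: TLS terminates at the proxy.
https_port 443 accel defaultsite=www.example.com cert=/etc/squid/site.pem key=/etc/squid/site.key
http_port 80 accel defaultsite=www.example.com

# Only serve the accelerated site.
acl our_site dstdomain www.example.com
http_access allow our_site
http_access deny all

# Two entries for the same origin host; name= keeps them distinct.
# TLS to the origin on 443:
cache_peer 192.0.2.10 parent 443 0 no-query originserver ssl name=origin_tls
# Plain HTTP to the origin on 80:
cache_peer 192.0.2.10 parent 80 0 no-query originserver name=origin_plain

# Paths that must stay encrypted on the proxy-to-origin hop.
acl secure_paths urlpath_regex ^/(login|account)

# Route by URL path: secure paths only to the TLS peer,
# everything else only to the plain peer.
cache_peer_access origin_tls allow secure_paths
cache_peer_access origin_tls deny all
cache_peer_access origin_plain deny secure_paths
cache_peer_access origin_plain allow all

# Do not store responses for the secure paths in the cache.
cache deny secure_paths

# Caveat: requests sent to origin_plain still carry their Cookie headers,
# so any session cookie set at login crosses the proxy-to-origin link in
# cleartext. This split is only reasonable when that link is trusted.
```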