[squid-users] How to enable caching for https websites on Squid

Matus UHLAR - fantomas uhlar at fantomas.sk
Fri Dec 29 09:47:03 UTC 2017


On 29.12.17 12:38, Sekar Duraisamy wrote:
>"To cache encryption protected content you must first remove the
>encryption. That destroys the "anonymous" part completely."
>
>Could you please provide little more details about this line about it
>destroys the anonymous while we decrypt the encryption and enable
>caching for https?

the whole point of SSL and HTTPS is that nobody between client (browser) and
the final server knows what's inside. This logically prevents caching, since
you can not know what is the content you are transferring, so you can't know
if you can provide the content from cache.

you need to break into https - behave as the final server, provide your
own certificate instead (because you can't fake the real server's) and look
into content.

Note that many clients will complain about your certificate - you need to
import your proxy's certificate to clients' browsers to avoid that,

and still, some clients will detect that they are not communicating to
final server and refuse to work (this has been reported a few times here).

> https caching for anonymous proxy is not recommended?

your customer may look anonymous to the world (hidden behind your proxy)
even without breaking HTTPS. 

But by decrypting https they will lose privacy.

-- 
Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Warning: I do NOT wish to receive any advertising mail at this address.
Windows found: (R)emove, (E)rase, (D)elete
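
The interception setup the reply describes, sketched as a Squid 3.5-style squid.conf fragment. This is an added example, not part of the original message; the port, file paths, helper location and the exempted domain are assumptions to adjust for the local install.

```conf
# Added example (not from the original post). Paths, port and the
# exempted domain below are assumptions.

# The proxy answers TLS itself. It cannot present the real server's
# certificate, so it mints one per host name, signed by a local CA.
# Clients must import that CA certificate or they will show warnings.
http_port 3128 ssl-bump \
    cert=/etc/squid/bump-ca.pem \
    generate-host-certificates=on \
    dynamic_cert_mem_cache_size=4MB

# Helper that generates the per-host certificates.
# (Squid 4 renames this helper to security_file_certgen.)
sslcrtd_program /usr/lib/squid/ssl_crtd -s /var/lib/squid/ssl_db -M 4MB

# Step 1: look at the TLS ClientHello (SNI) before deciding anything.
acl step1 at_step SslBump1
ssl_bump peek step1

# Sites whose clients detect interception and refuse to work, or whose
# content should stay private end to end: tunnel them untouched.
# Spliced traffic stays encrypted, so it is neither readable nor cacheable.
acl no_bump ssl::server_name .bank.example
ssl_bump splice no_bump

# Everything else is decrypted at the proxy. Only this traffic can be
# cached, and only this traffic loses its privacy towards the proxy.
ssl_bump bump all
```

The private key inside the CA file can sign a certificate for any site the importing clients visit, so it should be readable only by the Squid user.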

