[squid-users] How to enable caching for https websites on Squid

Sekar Duraisamy sekarit at gmail.com
Fri Dec 29 11:17:11 UTC 2017


Thanks for your reply.

So the same proxy certificate will be expose for all the requests even
though we are sending more requests through load-balancing of more IP
addresses from the server which will be an anonymity risk?


On Fri, Dec 29, 2017 at 3:17 PM, Matus UHLAR - fantomas
<uhlar at fantomas.sk> wrote:
> On 29.12.17 12:38, Sekar Duraisamy wrote:
>>
>> "To cache encryption protected content you must first remove the
>> encryption. That destroys the "anonymous" part completely."
>>
>> Could you please provide little more details about this line about it
>> destroys the anonymous while we decrypt the encryption and enable
>> caching for https?
>
>
> the whole point of SSL and HTTPS is that nobody between client (browser) and
> the final server knows what's inside. This logically prevents caching, since
> you can not know what is the content you are transferring, so you can't know
> if you can provide the contant from cache.
>
> you need to break into https - behave as the final server, provide your
> own certificate instead (because you can't fake the real server's) and look
> into content.
>
> Note that many clients will complain about your certificate - you need to
> import your proxy's certificate to clients' browsers to avoid that,
>
> and still, some clients will detect that they are not communicating to
> final server and refuse to work (this has been reported a few times here).
>
>> https caching for anonymous proxy is not recommended?
>
>
> your customer may look anonymous to the world (hidden behind your proxy)
> even without breaking HTTPS.
> But by decrypting https they will lose privacy.
>
> --
> Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
> Warning: I wish NOT to receive e-mail advertising to this address.
> Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
> Windows found: (R)emove, (E)rase, (D)elete
>
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users


More information about the squid-users mailing list