[squid-users] How to enable caching for https websites on Squid

Matus UHLAR - fantomas uhlar at fantomas.sk
Tue Jan 9 12:12:47 UTC 2018


On 09.01.18 17:15, Sekar Duraisamy wrote:
>"To cache encryption protected content you must first remove the
>encryption. That destroys the "anonymous" part completely."
>
>Could you please provide a little more detail about affecting anonymous
>service? Do you mean it will affect customers anonymous or from proxy
>server?

I believe you have been answered already multiple times, but once more:

The customer will have no privacy against the proxy server - the proxy server
will see everything they access, all the content etc.

This is impossible with SSL - SSL has been created just to provide privacy
to users, so nobody sees the content, only the final server.

With HTTPS decrypting, the destination server will only see your proxy
accessing, no IP, browser info (if you decide to hide it), but the proxy will
see everything.  Proxy admins will be able to see their passwords, their
mail, banking account information, etc.

If your users are OK with that, fine.  The question is if they really want
this kind of anonymity.

>When we use certificate in the Proxy server to decrypt the content of
>HTTPS, multiple customers will hit to the same HTTPS website in a day
>through our proxy, that website always see single certificate even
>though multiple customers from multiple IPs. Is there a chance from
>website can block because they will see more requests from more IPs but
>a single certificate for all the requests to the same domain?

The end servers will not see your proxy certificate.
The HTTP server certificate is used to authenticate the server, not the client.

-- 
Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
The only substitute for good manners is fast reflexes. 