[squid-users] How to enable caching for https websites on Squid

Wed Jan 10 11:27:45 UTC 2018

Thanks for your reply. Yes. I agree about the customers privacy and we
should not decrypt. My users are not even using this proxy for their
personal purpose and not passing any personal information and simple
browse the pages to explore the wiki pages, technical information or
any images like that.

Just thought of enabling cache for https for few websites to just save
more internet bandwidth utilization and cost saving of internet usage
as most of the websites now moved from http to https.

On Tue, Jan 9, 2018 at 5:42 PM, Matus UHLAR - fantomas
<uhlar at fantomas.sk> wrote:
> On 09.01.18 17:15, Sekar Duraisamy wrote:
>>
>> "To cache encryption protected content you must first remove the
>> encryption. That destroys the "anonymous" part completely."
>>
>> Could you please provide little more details about affecting anonymous
>> service. Do you meant it will affect customers anonymous or from proxy
>> server?
>
>
> I believe you have been answered already multiple times, but once more:
>
> the customer will have no privacy against proxy server - the proxy server
> will see everything they access, all the content etc.
>
> This is impossible with SSL - SSL has been created just to provide privacy
> to users, so nobody sees the content, only the final server.
>
> With HTTPS decrypting the destination server will only see your proxy
> accessing, no IP, browser info (if you decide to hide it) but the proxy will
> see everything.  Proxy admins will be able to see their passwords, their
> mail, banking account information, etc.
>  If your users are OK with that, fine.  The question is if they really want
> this kind of anonymity.
>
>> When we use certificate in the Proxy server to decrypt the content of
>> HTTPS, multiple customers will hit to the same HTTPS website in a day
>> through our proxy, that website always see single certificate even
>> though multiple customers from multiple IPs. Is there a chance from
>> website can block
>> because of they will see more requests from more IP's but single
>> certificate for the all the requests to the same doamin ?
>
>
> The end servers will not see your proxy certificate. The HTTP server
> certificate is used to authentize server, not the client.
>
> --
> Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
> Warning: I wish NOT to receive e-mail advertising to this address.
> Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
> The only substitute for good manners is fast reflexes.
> _______________________________________________
>
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users