[squid-users] squid http CONNECT

Matus UHLAR - fantomas uhlar at fantomas.sk
Tue Feb 16 17:05:21 UTC 2021


>On 2/16/21 2:29 AM, Kevin Shell wrote:
>> What requirements are needed for smtps imaps pop3s nntps client programs
>> to tunnel thru squid proxy?

On 16.02.21 11:28, Alex Rousskov wrote:
>If your Squid is a forward proxy, then those clients have to support
>HTTP (and/or HTTPS) forward proxies. In other words, they should
>establish a standard HTTP CONNECT tunnel through Squid.
>
>If you are intercepting their traffic, then there are no special
>requirements for those clients. You will have to configure Squid to
>splice the intercepted connection before getting to unencrypted bytes so
>your Squid will be limited to very basic checks at or below the TLS layer.

also, squid must allow CONNECT to smtps, imaps, pop3s and nntps ports.

which usually means, they have to be added to ssl_ports ACL.
 

-- 
Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
He who laughs last thinks slowest.


More information about the squid-users mailing list