<html><head><meta http-equiv="Content-Type" content="text/html charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><div apple-content-edited="true" class="">Hello Amos,
</div><div apple-content-edited="true" class=""><br class=""></div><div apple-content-edited="true" class="">Thank you for your reply.</div><div apple-content-edited="true" class=""><br class=""></div><div apple-content-edited="true" class=""><blockquote type="cite" class="">Problem A)<br class="">requirements #1 and #2 above are mutually exclusive.<br class=""><br class="">Obeying #1 involves sending traffic from Squid to the parent proxy for<br class="">action.<br class=""><br class="">Obeying #2 involves opening direct TLS connections from Squid to the<br class="">origin servers.</blockquote><br class=""></div><div apple-content-edited="true" class="">Is it possible to send the TLS connection as a HTTP CONNECT tunnel via through the parent proxy? (<a href="http://en.wikipedia.org/wiki/HTTP_tunnel#HTTP_CONNECT_tunneling" class="">http://en.wikipedia.org/wiki/HTTP_tunnel#HTTP_CONNECT_tunneling</a>)</div><div apple-content-edited="true" class=""><br class=""></div><div apple-content-edited="true" class="">Abdelouahed</div>
<br class=""><div><blockquote type="cite" class=""><div class="">Op 14 apr. 2015, om 18:20 heeft Amos Jeffries <<a href="mailto:squid3@treenet.co.nz" class="">squid3@treenet.co.nz</a>> het volgende geschreven:</div><br class="Apple-interchange-newline"><div class="">On 14/04/2015 11:57 p.m., Abdelouahed Haitoute wrote:<br class=""><blockquote type="cite" class=""><br class=""></blockquote><br class=""><blockquote type="cite" class="">There are two thing I haven’t realized in the development<br class="">environment, because I don’t know how:<br class="">1. Making the Squid 3.1.10 to use a proxy system, because that’s our<br class="">policy to communicate to the outside world. In apache we use the<br class="">following directive: “ProxyRemote https <a href="http://192.168.68.102:3128" class="">http://192.168.68.102:3128</a><br class=""><<a href="http://192.168.68.102:3128/" class="">http://192.168.68.102:3128/</a>>"<br class=""></blockquote><br class="">In squid.conf:<br class=""><br class=""> cache_peer 192.168.68.102 parent 3128 0<br class=""><br class=""><br class=""><blockquote type="cite" class=""><br class="">2. Making the configuration variable as much as possible. So the<br class="">Squid 3.1.10 handles all different http client requests to different<br class="">https servers and send them as a https two-way ssl. Currently it<br class="">only handles request for <a href="http://https.example.com" class="">https.example.com</a><br class=""><<a href="http://https.example.com/" class="">http://https.example.com/</a>>.<br class=""></blockquote><br class=""><br class="">Use the sslproxy_* directives instead of cache_peer.<br class=""><br class=""><br class="">However you have two problems:<br class=""><br class="">Problem A)<br class=""> requirements #1 and #2 above are mutually exclusive.<br class=""><br class=""> Obeying #1 involves sending traffic from Squid to the parent proxy for<br class="">action.<br class=""><br class=""> Obeying #2 involves opening direct TLS connections from Squid to the<br class="">origin servers.<br class=""><br class=""><br class="">Problem B)<br class=""> Translating between http:// and https:// is explicitly forbidden in<br class="">both HTTP and HTTPS protocol security requirements.<br class=""><br class=""> Squid does not permit that highly dangerous action to be taken. However<br class="">there are several other possibilities depending on what you actually<br class="">need done.<br class=""><br class=""><br class="">Amos<br class=""><br class="">_______________________________________________<br class="">squid-users mailing list<br class=""><a href="mailto:squid-users@lists.squid-cache.org" class="">squid-users@lists.squid-cache.org</a><br class="">http://lists.squid-cache.org/listinfo/squid-users<br class=""></div></blockquote></div><br class=""></body></html>