<html><head></head><body><div style="color:#000; background-color:#fff; font-family:Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;font-size:13px"><div id="yui_3_16_0_ym19_1_1493838446403_5409"><span id="yui_3_16_0_ym19_1_1493838446403_5701"></span></div><div class="qtdSeparateBR" id="yui_3_16_0_ym19_1_1493838446403_5410">Looks interesting, but it looks complex and sounds like I'd need more of a router than I have to do it.<br><br></div><div class="yahoo_quoted" id="yui_3_16_0_ym19_1_1493838446403_5500" style="display: block;">  <div style="font-family: Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif; font-size: 13px;" id="yui_3_16_0_ym19_1_1493838446403_5499"> <div style="font-family: HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif; font-size: 16px;" id="yui_3_16_0_ym19_1_1493838446403_5498"> <div dir="ltr" id="yui_3_16_0_ym19_1_1493838446403_5666"> <font size="2" face="Arial" id="yui_3_16_0_ym19_1_1493838446403_5665"> <hr size="1"> <b><span style="font-weight:bold;">From:</span></b> "Craddock, Tommy" <Tommy.Craddock@bicgraphic.com><br> <b><span style="font-weight: bold;">To:</span></b> "squid-users@lists.squid-cache.org" <squid-users@lists.squid-cache.org> <br> <b id="yui_3_16_0_ym19_1_1493838446403_5819"><span style="font-weight: bold;" id="yui_3_16_0_ym19_1_1493838446403_5818">Sent:</span></b> Wednesday, May 3, 2017 2:04 PM<br> <b><span style="font-weight: bold;">Subject:</span></b> Re: [squid-users] HTTPS support<br> </font> </div> <div class="y_msg_container" id="yui_3_16_0_ym19_1_1493838446403_5497"><br><div id="yiv0837668946"><style>#yiv0837668946 #yiv0837668946 --
 
 _filtered #yiv0837668946 {font-family:Helvetica;panose-1:2 11 6 4 2 2 2 2 2 4;}
 _filtered #yiv0837668946 {panose-1:2 4 5 3 5 4 6 3 2 4;}
 _filtered #yiv0837668946 {font-family:Calibri;panose-1:2 15 5 2 2 2 4 3 2 4;}
#yiv0837668946  
#yiv0837668946 p.yiv0837668946MsoNormal, #yiv0837668946 li.yiv0837668946MsoNormal, #yiv0837668946 div.yiv0837668946MsoNormal
        {margin:0in;margin-bottom:.0001pt;font-size:12.0pt;}
#yiv0837668946 a:link, #yiv0837668946 span.yiv0837668946MsoHyperlink
        {color:blue;text-decoration:underline;}
#yiv0837668946 a:visited, #yiv0837668946 span.yiv0837668946MsoHyperlinkFollowed
        {color:purple;text-decoration:underline;}
#yiv0837668946 span.yiv0837668946EmailStyle17
        {color:#1F497D;}
#yiv0837668946 .yiv0837668946MsoChpDefault
        {font-size:10.0pt;}
 _filtered #yiv0837668946 {margin:1.0in 1.0in 1.0in 1.0in;}
#yiv0837668946 div.yiv0837668946WordSection1
        {}
#yiv0837668946 </style><div id="yui_3_16_0_ym19_1_1493838446403_5496">
<div class="yiv0837668946WordSection1" id="yui_3_16_0_ym19_1_1493838446403_5495">
<div class="yiv0837668946MsoNormal" id="yui_3_16_0_ym19_1_1493838446403_5664"><span style="font-size:11.0pt;">Hello,
</span></div> 
<div class="yiv0837668946MsoNormal" id="yui_3_16_0_ym19_1_1493838446403_5643"><span style="font-size:11.0pt;">  </span></div> 
<div class="yiv0837668946MsoNormal" id="yui_3_16_0_ym19_1_1493838446403_5641"><span style="font-size:11.0pt;" id="yui_3_16_0_ym19_1_1493838446403_5642">Is this more in line with what you're trying to do:</span></div> 
<div class="yiv0837668946MsoNormal" id="yui_3_16_0_ym19_1_1493838446403_5640"><span style="font-size:11.0pt;" id="yui_3_16_0_ym19_1_1493838446403_5645">  </span></div> 
<div class="yiv0837668946MsoNormal" id="yui_3_16_0_ym19_1_1493838446403_5520"><span style="font-size:11.0pt;" id="yui_3_16_0_ym19_1_1493838446403_5519"><a rel="nofollow" shape="rect" target="_blank" href="http://loredo.me/post/116633549315/geeking-out-with-haproxy-on-pfsense-the-ultimate" id="yui_3_16_0_ym19_1_1493838446403_5518">http://loredo.me/post/116633549315/geeking-out-with-haproxy-on-pfsense-the-ultimate</a></span></div> 
<div class="yiv0837668946MsoNormal" id="yui_3_16_0_ym19_1_1493838446403_5517"><span style="font-size:11.0pt;">  </span></div> 
<div class="yiv0837668946MsoNormal" id="yui_3_16_0_ym19_1_1493838446403_5516"><span style="font-size:11.0pt;" id="yui_3_16_0_ym19_1_1493838446403_5820">Tommy
</span></div> 
<div class="yiv0837668946MsoNormal" id="yui_3_16_0_ym19_1_1493838446403_5515"><span style="font-size:11.0pt;">  </span></div> 
<div class="yiv0837668946yqt8597099361" id="yiv0837668946yqt31524"><div id="yui_3_16_0_ym19_1_1493838446403_5514">
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in;" id="yui_3_16_0_ym19_1_1493838446403_5513">
<div class="yiv0837668946MsoNormal" id="yui_3_16_0_ym19_1_1493838446403_5512"><b><span style="font-size:11.0pt;">From:</span></b><span style="font-size:11.0pt;" id="yui_3_16_0_ym19_1_1493838446403_5511"> squid-users [mailto:squid-users-bounces@lists.squid-cache.org]
<b>On Behalf Of </b>j m<br clear="none">
<b>Sent:</b> Wednesday, May 03, 2017 2:44 PM<br clear="none">
<b id="yui_3_16_0_ym19_1_1493838446403_5821">To:</b> squid-users@lists.squid-cache.org<br clear="none">
<b>Subject:</b> Re: [squid-users] HTTPS support</span></div> 
</div>
</div>
<div class="yiv0837668946MsoNormal" id="yui_3_16_0_ym19_1_1493838446403_5510">  </div> 
<div id="yui_3_16_0_ym19_1_1493838446403_5494">
<div id="yiv0837668946yui_3_16_0_ym19_1_1493835252799_10881">
<div class="yiv0837668946MsoNormal" style="background:white;" id="yui_3_16_0_ym19_1_1493838446403_5509"><span style="font-size:10.0pt;" id="yui_3_16_0_ym19_1_1493838446403_5508">In any case, I'm finding SSH through proxy is undesirable or not possible.  I'm thinking shellinabox, which is insecure but run over
 a secure proxy link, is my best bet.</span></div> 
</div>
<div id="yiv0837668946yui_3_16_0_ym19_1_1493835252799_10900">
<div class="yiv0837668946MsoNormal" style="margin-bottom:12.0pt;background:white;" id="yui_3_16_0_ym19_1_1493838446403_5507"><span style="font-size:10.0pt;" id="yui_3_16_0_ym19_1_1493838446403_5822">  </span></div> 
</div>
<div id="yiv0837668946yui_3_16_0_ym19_1_1493835252799_10904">
<div id="yiv0837668946yui_3_16_0_ym19_1_1493835252799_10903">
<div id="yiv0837668946yui_3_16_0_ym19_1_1493835252799_10902">
<div id="yiv0837668946yui_3_16_0_ym19_1_1493835252799_10901">
<div align="center" class="yiv0837668946MsoNormal" style="text-align:center;background:white;" id="yui_3_16_0_ym19_1_1493838446403_5506">
<span style="font-size:10.0pt;">
</span><hr align="center" size="1" width="100%" id="yui_3_16_0_ym19_1_1493838446403_5505">
</div>
<div class="yiv0837668946MsoNormal" style="background:white;" id="yui_3_16_0_ym19_1_1493838446403_5504"><b><span style="font-size:10.0pt;">From:</span></b><span style="font-size:10.0pt;" id="yui_3_16_0_ym19_1_1493838446403_5503"> Alex Rousskov <<a rel="nofollow" shape="rect" ymailto="mailto:rousskov@measurement-factory.com" target="_blank" href="mailto:rousskov@measurement-factory.com">rousskov@measurement-factory.com</a>><br clear="none">
<b>To:</b> j m <<a rel="nofollow" shape="rect" ymailto="mailto:acctforjunk@yahoo.com" target="_blank" href="mailto:acctforjunk@yahoo.com" id="yui_3_16_0_ym19_1_1493838446403_5502">acctforjunk@yahoo.com</a>>; "<a rel="nofollow" shape="rect" ymailto="mailto:squid-users@lists.squid-cache.org" target="_blank" href="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.org</a>" <<a rel="nofollow" shape="rect" ymailto="mailto:squid-users@lists.squid-cache.org" target="_blank" href="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.org</a>>
<br clear="none">
<b id="yui_3_16_0_ym19_1_1493838446403_5823">Sent:</b> Wednesday, May 3, 2017 1:19 PM<br clear="none">
<b>Subject:</b> Re: [squid-users] HTTPS support</span><span style=""></span></div> 
</div>
<div id="yiv0837668946yui_3_16_0_ym19_1_1493835252799_10906">
<div class="yiv0837668946MsoNormal" style="background:white;" id="yui_3_16_0_ym19_1_1493838446403_5501"><span style="">  </span></div> 
<div id="yiv0837668946yui_3_16_0_ym19_1_1493835252799_10905">
<div class="yiv0837668946MsoNormal" style="background:white;" id="yui_3_16_0_ym19_1_1493838446403_5493"><span style="" id="yui_3_16_0_ym19_1_1493838446403_5492">On 05/03/2017 11:37 AM, j m wrote:<br clear="none">
> the plan was to use SSH through the proxy.<br clear="none">
<br clear="none">
If your SSH clients support SSH through an HTTP proxy, then do not<br clear="none">
authenticate them in Squid. Just do not let them go anywhere but the SSH<br clear="none">
server. It would be like running an exposed-to-the-world SSH server, no<br clear="none">
worse. Squid will still know nothing about SSH. Squid will just tunnel<br clear="none">
opaque bytes from your SSH clients to your SSH server. You will use an<br clear="none">
HTTP (not HTTPS) Squid port for this traffic because your SSH clients<br clear="none">
are unlikely to support HTTPS to the proxy.<br clear="none">
<br clear="none">
Your browsers will still use HTTPS to the proxy (and get authenticated).<br clear="none">
Thus, you will have two different http_ports, one for HTTP<br clear="none">
(unauthenticated SSH clients) and one for HTTPS (authenticated browsers).<br clear="none">
<br clear="none">
If SSH blocking is not based on _protocol_ but on port, then follow<br clear="none">
Antony Stone's advice and change the SSH server port instead of<br clear="none">
HTTP-proxying SSH connections.<br clear="none">
<br clear="none">
Alex.</span></div> 
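<div>Added example, not part of Alex's message or of the original thread: a squid.conf sketch of the two-port layout described above, for a Squid 3.5 build with OpenSSL support. The address 192.0.2.10, both port numbers, the certificate and password file paths, and the basic_ncsa_auth helper path are assumptions.</div>

```conf
# --- Listeners -------------------------------------------------------
# Plain HTTP port: used only by SSH clients that tunnel via CONNECT.
http_port 3128
# TLS-to-proxy port: used by browsers; needs Squid built with OpenSSL.
# (cert=/key= are the Squid 3.5 option names; paths are assumed.)
https_port 3129 cert=/etc/squid/proxy.pem key=/etc/squid/proxy.key

# --- ACLs ------------------------------------------------------------
acl plain_port localport 3128
acl tls_port   localport 3129
acl CONNECT    method CONNECT
acl SSL_ports  port 443
acl ssh_host   dst 192.0.2.10     # assumed address of the SSH server
acl ssh_port   port 22

# Browser authentication. Basic credentials travel only inside the
# TLS session to port 3129. Helper and file paths are assumed.
auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/passwd
auth_param basic realm proxy
acl authed proxy_auth REQUIRED

# --- Access rules (first match wins) ---------------------------------
# Port 3128: unauthenticated, but CONNECT to the one SSH server only.
http_access allow plain_port CONNECT ssh_host ssh_port
# Everything else arriving on the plain port is refused, so the port
# cannot be used as an open proxy or to reach other hosts or ports.
http_access deny plain_port

# Port 3129: ordinary browser rules, authentication required.
http_access deny CONNECT !SSL_ports
http_access allow tls_port authed
http_access deny all
```

<div>Because the first rule bypasses proxy authentication, the SSH server on the other side of the tunnel should be hardened as if it were directly exposed to the Internet.</div>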
<div id="yiv0837668946yqtfd64275">
<div class="yiv0837668946MsoNormal" style="margin-bottom:12.0pt;background:white;"><span style=""><br clear="none">
<br clear="none">
<br clear="none">
<br clear="none">
> ------------------------------------------------------------------------<br clear="none">
> *From:* Alex Rousskov <<a rel="nofollow" shape="rect" ymailto="mailto:rousskov@measurement-factory.com" target="_blank" href="mailto:rousskov@measurement-factory.com">rousskov@measurement-factory.com</a>><br clear="none">
> *To:* "<a rel="nofollow" shape="rect" ymailto="mailto:squid-users@lists.squid-cache.org" target="_blank" href="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.org</a>"<br clear="none">
> <<a rel="nofollow" shape="rect" id="yiv0837668946yui_3_16_0_ym19_1_1493835252799_11003" ymailto="mailto:squid-users@lists.squid-cache.org" target="_blank" href="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.org</a>><br clear="none">
> *Cc:* j m <<a rel="nofollow" shape="rect" ymailto="mailto:acctforjunk@yahoo.com" target="_blank" href="mailto:acctforjunk@yahoo.com">acctforjunk@yahoo.com</a>><br clear="none">
> *Sent:* Wednesday, May 3, 2017 12:22 PM<br clear="none">
> *Subject:* Re: [squid-users] HTTPS support<br clear="none">
> <br clear="none">
> On 05/03/2017 10:57 AM, j m wrote:<br clear="none">
>> I wanted to set up a proxy on my home server for use from remote<br clear="none">
>> locations to use as a web proxy (of course) and also to run SSH over.<br clear="none">
> <br clear="none">
> The "ssh" part is unrelated to Squid. Secure ssh separately from Squid.<br clear="none">
> <br clear="none">
> <br clear="none">
>> This means that basic auth is undesirable due to the login being sent<br clear="none">
>> in clear text.  So, someone suggested digest auth, and I was happy.<br clear="none">
>>  But, now I'm finding that PuTTY and WinSCP do not support digest auth.<br clear="none">
>>  And consequently, I haven't found any other SSH clients that support<br clear="none">
>> digest. (sigh)<br clear="none">
> <br clear="none">
> These problems will go away if you stop mixing Squid and ssh. Squid is<br clear="none">
> HTTP while PuTTY/WinSCP is SSH. You gain very little by trying to use<br clear="none">
> the same authentication mechanism for both protocols in your use case.<br clear="none">
> <br clear="none">
> <br clear="none">
>> So, I'm back to plan b, and that is to have a secure proxy connection so<br clear="none">
>> all browser-to-server communication is encrypted.<br clear="none">
> <br clear="none">
> That is a good idea if all of your browsers support it. Popular browsers<br clear="none">
> support HTTPS-to-proxy on desktop, but I am not sure about their mobile<br clear="none">
> versions. You may have to jump through some hoops.<br clear="none">
> <br clear="none">
> <br clear="none">
> <br clear="none">
>> So the question is, does<br clear="none">
>> anyone know if squid 3.5 on Ubuntu 16.04 supports secure connections?<br clear="none">
> <br clear="none">
> <br clear="none">
> Squid v3.5 supports secure connections to the proxy. See "TLS / SSL<br clear="none">
> Options" for the http_port directive (not the https_port directive!).<br clear="none">
> <br clear="none">
> You can install Squid v3.5 on Ubuntu. I do not know whether the official<br clear="none">
> Ubuntu Squid package is built with the required support.<br clear="none">
> <br clear="none">
> <br clear="none">
> HTH,<br clear="none">
> <br clear="none">
> Alex.<br clear="none">
> <br clear="none">
> <br clear="none">
> <br clear="none">
> </span></div> 
</div>
</div>
<div class="yiv0837668946MsoNormal" style="margin-bottom:12.0pt;background:white;"><span style="">  </span></div> 
</div>
</div>
</div>
</div>
</div></div>
<div class="yiv0837668946MsoNormal"><br clear="none">
______________________________________________________________________<br clear="none">
This email has been scanned by the Symantec Email Security.cloud service.<br clear="none">
For more information please visit <a rel="nofollow" shape="rect" target="_blank" href="http://www.symanteccloud.com/">http://www.symanteccloud.com</a><br clear="none">
______________________________________________________________________</div> 
</div>
</div></div><div class="yqt8597099361" id="yqt93069">_______________________________________________<br clear="none">squid-users mailing list<br clear="none"><a shape="rect" ymailto="mailto:squid-users@lists.squid-cache.org" href="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.org</a><br clear="none"><a shape="rect" href="http://lists.squid-cache.org/listinfo/squid-users" target="_blank">http://lists.squid-cache.org/listinfo/squid-users</a><br clear="none"></div><br><br></div> </div> </div>  </div></div></body></html>