
<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">

<head>

<meta http-equiv="Content-Type" content="text/html; charset=utf-8">

<meta name="Generator" content="Microsoft Word 15 (filtered medium)">

<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}

o\:* {behavior:url(#default#VML);}

w\:* {behavior:url(#default#VML);}

.shape {behavior:url(#default#VML);}

</style><![endif]--><style><!--

/* Font Definitions */

@font-face

        {font-family:Helvetica;

        panose-1:2 11 6 4 2 2 2 2 2 4;}

@font-face

        {font-family:"Cambria Math";

        panose-1:2 4 5 3 5 4 6 3 2 4;}

@font-face

        {font-family:Calibri;

        panose-1:2 15 5 2 2 2 4 3 2 4;}

/* Style Definitions */

p.MsoNormal, li.MsoNormal, div.MsoNormal

        {margin:0in;

        margin-bottom:.0001pt;

        font-size:12.0pt;

        font-family:"Times New Roman","serif";}

a:link, span.MsoHyperlink

        {mso-style-priority:99;

        color:blue;

        text-decoration:underline;}

a:visited, span.MsoHyperlinkFollowed

        {mso-style-priority:99;

        color:purple;

        text-decoration:underline;}

p.yiv0837668946msonormal, li.yiv0837668946msonormal, div.yiv0837668946msonormal

        {mso-style-name:yiv0837668946msonormal;

        mso-margin-top-alt:auto;

        margin-right:0in;

        mso-margin-bottom-alt:auto;

        margin-left:0in;

        font-size:12.0pt;

        font-family:"Times New Roman","serif";}

p.yiv0837668946msochpdefault, li.yiv0837668946msochpdefault, div.yiv0837668946msochpdefault

        {mso-style-name:yiv0837668946msochpdefault;

        mso-margin-top-alt:auto;

        margin-right:0in;

        mso-margin-bottom-alt:auto;

        margin-left:0in;

        font-size:12.0pt;

        font-family:"Times New Roman","serif";}

span.yiv0837668946msohyperlink

        {mso-style-name:yiv0837668946msohyperlink;}

span.yiv0837668946msohyperlinkfollowed

        {mso-style-name:yiv0837668946msohyperlinkfollowed;}

span.yiv0837668946emailstyle17

        {mso-style-name:yiv0837668946emailstyle17;}

p.yiv0837668946msonormal1, li.yiv0837668946msonormal1, div.yiv0837668946msonormal1

        {mso-style-name:yiv0837668946msonormal1;

        margin:0in;

        margin-bottom:.0001pt;

        font-size:12.0pt;

        font-family:"Times New Roman","serif";}

span.yiv0837668946msohyperlink1

        {mso-style-name:yiv0837668946msohyperlink1;

        color:blue;

        text-decoration:underline;}

span.yiv0837668946msohyperlinkfollowed1

        {mso-style-name:yiv0837668946msohyperlinkfollowed1;

        color:purple;

        text-decoration:underline;}

span.yiv0837668946emailstyle171

        {mso-style-name:yiv0837668946emailstyle171;

        color:#1F497D;}

p.yiv0837668946msochpdefault1, li.yiv0837668946msochpdefault1, div.yiv0837668946msochpdefault1

        {mso-style-name:yiv0837668946msochpdefault1;

        mso-margin-top-alt:auto;

        margin-right:0in;

        mso-margin-bottom-alt:auto;

        margin-left:0in;

        font-size:10.0pt;

        font-family:"Times New Roman","serif";}

span.EmailStyle27

        {mso-style-type:personal-reply;

        font-family:"Calibri","sans-serif";

        color:#1F497D;}

.MsoChpDefault

        {mso-style-type:export-only;

        font-size:10.0pt;}

@page WordSection1

        {size:8.5in 11.0in;

        margin:1.0in 1.0in 1.0in 1.0in;}

div.WordSection1

        {page:WordSection1;}

--></style><!--[if gte mso 9]><xml>

<o:shapedefaults v:ext="edit" spidmax="1026" />

</xml><![endif]--><!--[if gte mso 9]><xml>

<o:shapelayout v:ext="edit">

<o:idmap v:ext="edit" data="1" />

</o:shapelayout></xml><![endif]-->

</head>

<body lang="EN-US" link="blue" vlink="purple">

<div class="WordSection1">

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Hello,

<o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Yeah, that guide is for PFsense in particular, but you could run HAProxy by itself (say in a VM) and get the same result.  Just fwd those ports from your router

 to the HAProxy box. <o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><br>

Thanks!<o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>

<div>

<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">

<p class="MsoNormal"><b><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">From:</span></b><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> squid-users [mailto:squid-users-bounces@lists.squid-cache.org]

<b>On Behalf Of </b>j m<br>

<b>Sent:</b> Wednesday, May 03, 2017 3:14 PM<br>

<b>To:</b> squid-users@lists.squid-cache.org<br>

<b>Subject:</b> Re: [squid-users] HTTPS support<o:p></o:p></span></p>

</div>

</div>

<p class="MsoNormal"><o:p> </o:p></p>

<div>

<div id="yui_3_16_0_ym19_1_1493838446403_5410">

<p class="MsoNormal" style="margin-bottom:12.0pt;background:white"><span style="font-size:10.0pt;font-family:"Helvetica","sans-serif";color:black">Looks interesting, but it looks complex and sounds like I'd need more of a router than I have to do it.<o:p></o:p></span></p>

</div>

<div id="yui_3_16_0_ym19_1_1493838446403_5500">

<div id="yui_3_16_0_ym19_1_1493838446403_5499">

<div id="yui_3_16_0_ym19_1_1493838446403_5498">

<div id="yui_3_16_0_ym19_1_1493838446403_5666">

<div class="MsoNormal" align="center" style="text-align:center;background:white">

<span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:black">

<hr size="1" width="100%" align="center">

</span></div>

<p class="MsoNormal" style="background:white"><b><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:black">From:</span></b><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:black"> "Craddock, Tommy" <<a href="mailto:Tommy.Craddock@bicgraphic.com">Tommy.Craddock@bicgraphic.com</a>><br>

<b>To:</b> "<a href="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.org</a>" <<a href="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.org</a>>

<br>

<b id="yui_3_16_0_ym19_1_1493838446403_5819">Sent:</b> Wednesday, May 3, 2017 2:04 PM<br>

<b>Subject:</b> Re: [squid-users] HTTPS support</span><span style="font-family:"Helvetica","sans-serif";color:black"><o:p></o:p></span></p>

</div>

<div id="yui_3_16_0_ym19_1_1493838446403_5497">

<p class="MsoNormal" style="background:white"><span style="font-family:"Helvetica","sans-serif";color:black"><o:p> </o:p></span></p>

<div id="yiv0837668946">

<div id="yui_3_16_0_ym19_1_1493838446403_5496">

<div id="yui_3_16_0_ym19_1_1493838446403_5495">

<div id="yui_3_16_0_ym19_1_1493838446403_5664">

<p class="MsoNormal" style="background:white"><span style="font-size:11.0pt;font-family:"Helvetica","sans-serif";color:black">Hello,

</span><span style="font-family:"Helvetica","sans-serif";color:black"><o:p></o:p></span></p>

</div>

<div id="yui_3_16_0_ym19_1_1493838446403_5643">

<p class="MsoNormal" style="background:white"><span style="font-size:11.0pt;font-family:"Helvetica","sans-serif";color:black"> </span><span style="font-family:"Helvetica","sans-serif";color:black"><o:p></o:p></span></p>

</div>

<div id="yui_3_16_0_ym19_1_1493838446403_5641">

<p class="MsoNormal" style="background:white"><span style="font-size:11.0pt;font-family:"Helvetica","sans-serif";color:black">Is this more in line with what your trying to do:</span><span style="font-family:"Helvetica","sans-serif";color:black"><o:p></o:p></span></p>

</div>

<div id="yui_3_16_0_ym19_1_1493838446403_5640">

<p class="MsoNormal" style="background:white"><span style="font-size:11.0pt;font-family:"Helvetica","sans-serif";color:black"> </span><span style="font-family:"Helvetica","sans-serif";color:black"><o:p></o:p></span></p>

</div>

<div id="yui_3_16_0_ym19_1_1493838446403_5520">

<p class="MsoNormal" style="background:white"><span style="font-size:11.0pt;font-family:"Helvetica","sans-serif";color:black"><a href="http://loredo.me/post/116633549315/geeking-out-with-haproxy-on-pfsense-the-ultimate" target="_blank">http://loredo.me/post/116633549315/geeking-out-with-haproxy-on-pfsense-the-ultimate</a></span><span style="font-family:"Helvetica","sans-serif";color:black"><o:p></o:p></span></p>

</div>

<div id="yui_3_16_0_ym19_1_1493838446403_5517">

<p class="MsoNormal" style="background:white"><span style="font-size:11.0pt;font-family:"Helvetica","sans-serif";color:black"> </span><span style="font-family:"Helvetica","sans-serif";color:black"><o:p></o:p></span></p>

</div>

<div id="yui_3_16_0_ym19_1_1493838446403_5516">

<p class="MsoNormal" style="background:white"><span style="font-size:11.0pt;font-family:"Helvetica","sans-serif";color:black">Tommy

</span><span style="font-family:"Helvetica","sans-serif";color:black"><o:p></o:p></span></p>

</div>

<div id="yui_3_16_0_ym19_1_1493838446403_5515">

<p class="MsoNormal" style="background:white"><span style="font-size:11.0pt;font-family:"Helvetica","sans-serif";color:black"> </span><span style="font-family:"Helvetica","sans-serif";color:black"><o:p></o:p></span></p>

</div>

<div id="yiv0837668946yqt31524">

<div id="yui_3_16_0_ym19_1_1493838446403_5514">

<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in" id="yui_3_16_0_ym19_1_1493838446403_5513">

<div id="yui_3_16_0_ym19_1_1493838446403_5512">

<p class="MsoNormal" style="background:white"><b><span style="font-size:11.0pt;font-family:"Helvetica","sans-serif";color:black">From:</span></b><span style="font-size:11.0pt;font-family:"Helvetica","sans-serif";color:black"> squid-users [<a href="mailto:squid-users-bounces@lists.squid-cache.org">mailto:squid-users-bounces@lists.squid-cache.org</a>]

<b>On Behalf Of </b>j m<br>

<b>Sent:</b> Wednesday, May 03, 2017 2:44 PM<br>

<b id="yui_3_16_0_ym19_1_1493838446403_5821">To:</b> <a href="mailto:squid-users@lists.squid-cache.org">

squid-users@lists.squid-cache.org</a><br>

<b>Subject:</b> Re: [squid-users] HTTPS support</span><span style="font-family:"Helvetica","sans-serif";color:black"><o:p></o:p></span></p>

</div>

</div>

</div>

<div id="yui_3_16_0_ym19_1_1493838446403_5510">

<p class="MsoNormal" style="background:white"><span style="font-family:"Helvetica","sans-serif";color:black"> <o:p></o:p></span></p>

</div>

<div id="yui_3_16_0_ym19_1_1493838446403_5494">

<div id="yiv0837668946yui_3_16_0_ym19_1_1493835252799_10881">

<div id="yui_3_16_0_ym19_1_1493838446403_5509">

<p class="MsoNormal" style="background:white"><span style="font-size:10.0pt;font-family:"Helvetica","sans-serif";color:black">In any case, I'm finding SSH through proxy is undesirable or not possible.  I'm thinking shellinabox, which is insecure but run over

 a secure proxy link, is my best bet.</span><span style="font-family:"Helvetica","sans-serif";color:black"><o:p></o:p></span></p>

</div>

</div>

<div id="yiv0837668946yui_3_16_0_ym19_1_1493835252799_10900">

<div style="margin-bottom:12.0pt" id="yui_3_16_0_ym19_1_1493838446403_5507">

<p class="MsoNormal" style="background:white"><span style="font-size:10.0pt;font-family:"Helvetica","sans-serif";color:black"> </span><span style="font-family:"Helvetica","sans-serif";color:black"><o:p></o:p></span></p>

</div>

</div>

<div id="yiv0837668946yui_3_16_0_ym19_1_1493835252799_10904">

<div id="yiv0837668946yui_3_16_0_ym19_1_1493835252799_10903">

<div id="yiv0837668946yui_3_16_0_ym19_1_1493835252799_10902">

<div id="yiv0837668946yui_3_16_0_ym19_1_1493835252799_10901">

<div class="MsoNormal" align="center" style="text-align:center;background:white">

<span style="font-family:"Helvetica","sans-serif";color:black">

<hr size="1" width="100%" align="center">

</span></div>

<div id="yui_3_16_0_ym19_1_1493838446403_5504">

<p class="MsoNormal" style="background:white"><b><span style="font-size:10.0pt;font-family:"Helvetica","sans-serif";color:black">From:</span></b><span style="font-size:10.0pt;font-family:"Helvetica","sans-serif";color:black"> Alex Rousskov <<a href="mailto:rousskov@measurement-factory.com" target="_blank">rousskov@measurement-factory.com</a>><br>

<b>To:</b> j m <<a href="mailto:acctforjunk@yahoo.com" target="_blank" id="yui_3_16_0_ym19_1_1493838446403_5502">acctforjunk@yahoo.com</a>>; "<a href="mailto:squid-users@lists.squid-cache.org" target="_blank">squid-users@lists.squid-cache.org</a>" <<a href="mailto:squid-users@lists.squid-cache.org" target="_blank">squid-users@lists.squid-cache.org</a>>

<br>

<b id="yui_3_16_0_ym19_1_1493838446403_5823">Sent:</b> Wednesday, May 3, 2017 1:19 PM<br>

<b>Subject:</b> Re: [squid-users] HTTPS support</span><span style="font-family:"Helvetica","sans-serif";color:black"><o:p></o:p></span></p>

</div>

</div>

<div id="yiv0837668946yui_3_16_0_ym19_1_1493835252799_10906">

<div id="yui_3_16_0_ym19_1_1493838446403_5501">

<p class="MsoNormal" style="background:white"><span style="font-family:"Helvetica","sans-serif";color:black"> <o:p></o:p></span></p>

</div>

<div id="yiv0837668946yui_3_16_0_ym19_1_1493835252799_10905">

<div id="yui_3_16_0_ym19_1_1493838446403_5493">

<p class="MsoNormal" style="background:white"><span style="font-family:"Helvetica","sans-serif";color:black">On 05/03/2017 11:37 AM, j m wrote:<br>

> the plan was to use SSH through the proxy.<br>

<br>

If your SSH clients support SSH through an HTTP proxy, then do not<br>

authenticate them in Squid. Just do not let them go anywhere but the SSH<br>

server. It would be like running an exposed-to-the-world SSH server, no<br>

worse. Squid will still know nothing about SSH. Squid will just tunnel<br>

opaque bytes from your SSH clients to your SSH server. You will use an<br>

HTTP (not HTTPS) Squid port for this traffic because your SSH clients<br>

are unlikely to support HTTPS to the proxy.<br>

<br>

Your browsers will still use HTTPS to the proxy (and get authenticated).<br>

Thus, you will have two different http_ports, one for HTTP<br>

(unauthenticated SSH clients) and one for HTTPS (authenticated browsers).<br>

<br>

If SSH blocking is not based on _protocol_ but on port, then follow<br>

Antony Stone advice and change the SSH server port instead of<br>

HTTP-proxying SSH connections.<br>

<br>

Alex.<o:p></o:p></span></p>

</div>

<div id="yiv0837668946yqtfd64275">

<div style="margin-bottom:12.0pt">

<p class="MsoNormal" style="background:white"><span style="font-family:"Helvetica","sans-serif";color:black"><br>

<br>

<br>

<br>

> ------------------------------------------------------------------------<br>

> *From:* Alex Rousskov <<a href="mailto:rousskov@measurement-factory.com" target="_blank">rousskov@measurement-factory.com</a>><br>

> *To:* "<a href="mailto:squid-users@lists.squid-cache.org" target="_blank">squid-users@lists.squid-cache.org</a>"<br>

> <<a href="mailto:squid-users@lists.squid-cache.org" target="_blank" id="yiv0837668946yui_3_16_0_ym19_1_1493835252799_11003">squid-users@lists.squid-cache.org</a>><br>

> *Cc:* j m <<a href="mailto:acctforjunk@yahoo.com" target="_blank">acctforjunk@yahoo.com</a>><br>

> *Sent:* Wednesday, May 3, 2017 12:22 PM<br>

> *Subject:* Re: [squid-users] HTTPS support<br>

> <br>

> On 05/03/2017 10:57 AM, j m wrote:<br>

>> I wanted to set up a proxy on my home server for use from remote<br>

>> locations to use as a web proxy (of course) and also to run SSH over.<br>

> <br>

> The "ssh" part is unrelated to Squid. Secure ssh separately from Squid.<br>

> <br>

> <br>

>> This means that basic auth is undesirable due to the login being sent<br>

>> in clear text.  So, someone suggested digest auth, and I was happy.<br>

>>  But, now I'm finding that PuTTY and WinSCP do not support digest auth.<br>

>>  And consequently, I haven't found any other SSH clients that support<br>

>> digest. (sigh)<br>

> <br>

> These problems will go away if you stop mixing Squid and ssh. Squid is<br>

> HTTP while PuTTY/WinSCP is SSH. You gain very little by trying to use<br>

> the same authentication mechanism for both protocols in your use case.<br>

> <br>

> <br>

>> So, I'm back to plan b, and that is to have a secure proxy connection so<br>

>> all browser-to-server communication is encrypted.<br>

> <br>

> That is a good idea if all of your browsers support it. Popular browsers<br>

> support HTTPS-to-proxy on desktop, but I am not sure about their mobile<br>

> versions. You may have to jump through some hoops.<br>

> <br>

> <br>

> <br>

>> So the question is, does<br>

>> anyone know if squid 3.5 on Ubuntu 16.04 supports secure connections?<br>

> <br>

> <br>

> Squid v3.5 supports secure connections to the proxy. See "TLS / SSL<br>

> Options" for the http_port directive (not the https_port directive!).<br>

> <br>

> You can install Squid v3.5 on Ubuntu. I do not know whether the official<br>

> Ubuntu Squid package is built with the required support.<br>

> <br>

> <br>

> HTH,<br>

> <br>

> Alex.<br>

> <br>

> <br>

> <br>

> <o:p></o:p></span></p>

</div>

</div>

</div>

<div style="margin-bottom:12.0pt">

<p class="MsoNormal" style="background:white"><span style="font-family:"Helvetica","sans-serif";color:black"> <o:p></o:p></span></p>

</div>

</div>

</div>

</div>

</div>

</div>

</div>

<div>

<p class="MsoNormal" style="background:white"><span style="font-family:"Helvetica","sans-serif";color:black"><br>

______________________________________________________________________<br>

This email has been scanned by the Symantec Email Security.cloud service.<br>

For more information please visit <a href="http://www.symanteccloud.com/" target="_blank">

http://www.symanteccloud.com</a><br>

______________________________________________________________________<o:p></o:p></span></p>

</div>

</div>

<p class="MsoNormal" style="background:white"><span style="font-family:"Helvetica","sans-serif";color:black"><br>

______________________________________________________________________<br>

This email has been scanned by the Symantec Email Security.cloud service.<br>

For more information please visit <a href="http://www.symanteccloud.com">http://www.symanteccloud.com</a><br>

______________________________________________________________________<o:p></o:p></span></p>

</div>

</div>

<div id="yqt93069">

<p class="MsoNormal" style="background:white"><span style="font-family:"Helvetica","sans-serif";color:black">_______________________________________________<br>

squid-users mailing list<br>

<a href="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.org</a><br>

<a href="http://lists.squid-cache.org/listinfo/squid-users" target="_blank">http://lists.squid-cache.org/listinfo/squid-users</a><o:p></o:p></span></p>

</div>

<p class="MsoNormal" style="margin-bottom:12.0pt;background:white"><span style="font-family:"Helvetica","sans-serif";color:black"><o:p> </o:p></span></p>

</div>

</div>

</div>

</div>

</div>

<p class="MsoNormal"><br>

______________________________________________________________________<br>

This email has been scanned by the Symantec Email Security.cloud service.<br>

For more information please visit <a href="http://www.symanteccloud.com">http://www.symanteccloud.com</a><br>

______________________________________________________________________<o:p></o:p></p>

</div>

<br clear="both">

______________________________________________________________________<BR>

This email has been scanned by the Symantec Email Security.cloud service.<BR>

For more information please visit http://www.symanteccloud.com<BR>

______________________________________________________________________<BR>

</body>

</html>