[squid-users] handling different two way ssl-request via a proxy system

Amos Jeffries squid3 at treenet.co.nz
Tue Apr 14 16:20:51 UTC 2015


On 14/04/2015 11:57 p.m., Abdelouahed Haitoute wrote:
> 

> There are two things I haven’t realized in the development
> environment, because I don’t know how:
> 1. Making Squid 3.1.10 use a proxy system, because that’s our
> policy to communicate to the outside world. In apache we use the
> following directive: “ProxyRemote https http://192.168.68.102:3128”

In squid.conf:

 cache_peer 192.168.68.102 parent 3128 0


>
> 2. Making the configuration variable as much as possible. So the
> Squid 3.1.10 handles all different http client requests to different
> https servers and sends them as https two-way ssl. Currently it
> only handles requests for https.example.com.


Use the sslproxy_* directives instead of cache_peer.


However you have two problems:

Problem A)
 requirements #1 and #2 above are mutually exclusive.

 Obeying #1 involves sending traffic from Squid to the parent proxy for
action.

 Obeying #2 involves opening direct TLS connections from Squid to the
origin servers.


Problem B)
 Translating between http:// and https:// is explicitly forbidden in
both HTTP and HTTPS protocol security requirements.

 Squid does not permit that highly dangerous action to be taken. However
there are several other possibilities depending on what you actually
need done.


Amos


