[squid-users] Add header to SSL requests to my own domain using my domains certs

James Beecham james.d.beecham at gmail.com
Sun Feb 15 22:40:52 UTC 2015


Hi Yuri,

Thank you.

Are these HTTPS CONNECT requests coming over port 80? If not would I need
to make a rule to forward 443 to another Squid port configured to ssl_bump?

James

On Sun, Feb 15, 2015 at 2:37 PM, Yuri Voinov <yvoinov at gmail.com> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> http://wiki.squid-cache.org/ConfigExamples/Intercept/SslBumpExplicit
>
> 16.02.15 4:02, James Beecham пишет:
> > Hello,
> >
> > Thank you to everyone who works on this great project! I have been
> > using Squid as an intercept for a while now and am very happy.
> >
> > I have a high level question regarding SSL_Bump.
> >
> > My company recently switched to using SSL for our web services,
> > which requires me to make some changes to the way that we use
> > Squid.
> >
> > I have a need to place a header value into requests coming to our
> > own domain (ex. https://www.myhost.com) for proper usage. Before
> > using SSL I was using request_header_add without any issues and
> > getting perfect performance. Now with SSL I still need to get a
> > header value into the requests to our domain.
> >
> > I do not wish to bump/inspect all traffic over 443, I only wish to
> > add a header to request to my own domain. Since I am the domain
> > admin I have access to the certs from the CA. I understand how acls
> > work and am not concerned about setting this up.
> >
> > I would like to know what you all think about using our domains
> > actual certs (www.myhost.com) to bump only that domain and add the
> > header field that I need. Will this allow me to modify the header
> > without the client knowing or their browser telling them about man
> > in the middle? My knowledge of SSL/TLS is low but growing
> > everyday.
> >
> > Thank you for your attention and please ask more questions if my
> > situation is not clear.'
> >
> > James
> >
> >
> >
> > _______________________________________________ squid-users mailing
> > list squid-users at lists.squid-cache.org
> > http://lists.squid-cache.org/listinfo/squid-users
> >
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2
>
> iQEcBAEBAgAGBQJU4R+xAAoJENNXIZxhPexGap0IAI8I9aimys3+1pdZAPWYtxDQ
> N4Otv7Lz8rJx+TJGITgHbsvg5l09plilGLz2LmA05IkqpSOEtEGVQMUusx8sI/kH
> G9fPlY0r1MD2IUs5nKD9HK/oqZ2FhUceJG+XLs1tKCsPgMLSmIiEzGg4oM2pZEzw
> h3kH2b8hP7BHUWh2TtPkpjxVT37wFfJ+mX87M2F47Fz7Dc9149g/bugDo9yk4WjY
> 9Nx/zHahDLK4PCwgKySQZOHFyK0NNH52R6kBDNcILnUrvuCzp0yGbIxPCD2AuS4U
> bMj4J+e+o8eqrwAw63/vVDtC2yoGUlYW6z5KuxbYZbBSTq4fJW2lk+5N5lmWmu0=
> =lPPU
> -----END PGP SIGNATURE-----
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20150215/98bf50a4/attachment.html>


More information about the squid-users mailing list