[squid-users] question about encrypted connection between https client and Squid
Yuri Voinov
yvoinov at gmail.com
Sun Mar 1 21:01:04 UTC 2015
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
02.03.15 2:55, Eliezer Croitoru пишет:
> Hey Yuri,
>
> On 01/03/2015 20:17, Yuri Voinov wrote:
>> Normally you never use CONNECT method over HTTP ports. This is
>> prohibited by squid basic security requirements.
>
> The above statement is true only if the proxy admin prohibit this.
> A CONNECT method can be allowed and can be used for any purpose
> what so ever the admin of the server sees right. There are basic
> default settings which allows the usage of a CONNECT method only to
> access specific "ssl safe ports".
Sure. But this is best option for newbies.
>
> The "right" way (if these one) to access squid using an encrypted
> channel would be throw either a tunnel or another proxy which can
> forward the request into squid. If the client supports encrypted
> proxy connection you can try to use squid 3.5.2 and a combination
> of haproxy in-front.
Will can. When it will completely functional with interception bumping.
> On the haproxy use a ssl based listening port while between haproxy
> to the squid service you would need to use an unencrypted channel.
> Then you can use haproxy PROXY protocol to let squid know what is
> the client src IP address.
This is environment-specific and non-common.
>
> All The Bests, Eliezer
>
> * I did not tested this feature yet but it is on my todo list, for
> now 3.5.2 seems very stable.
> _______________________________________________ squid-users mailing
> list squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAEBAgAGBQJU834QAAoJENNXIZxhPexGiaoIAK2QPyX8iCoSqUyDtBE6j6wN
hx/3gtSYtC697YmqQjti/U1X1F++eSjh8xgLi0Qna9jAyRkN7P9VkJHDqM1CL09g
VXqB8sLBxSFH7RBWOl0ytVHtvyiIC0FSafNxlXONJb1lRXxo5cH6zHw4CK+vrdvM
ZUZIBrfzAvK69yMw97mPwl+RdZxFrAQHSFbu4TrycAr0zaxHM8BGZwhCBjNluJ1M
rGVqLDiu0wi9EMdiYNpn6pvCFzc77+Lsui2XdHxN0ztcumOLgveLVq8dMsm6KcGc
yKwchfW/ATg/krCO4pgdpkX59ttBRKT1WFTpE8IDA16cg/olOCaDGvMTMWYpSsU=
=31rK
-----END PGP SIGNATURE-----
More information about the squid-users
mailing list