[squid-users] Is there any way to cache or forward https requests to an http proxy using Squid?
Brett Anderson
brett.anderson.ftw at gmail.com
Fri Sep 21 21:00:15 UTC 2018
Thanks again Alex,
For anyone else trying to solve this issue, here's a repo I created which
sets everything up in Docker to allow ssl_bump and cache_peer to work.
https://github.com/brett--anderson/squid_proxy
On Fri, Sep 21, 2018 at 7:53 AM Alex Rousskov <
rousskov at measurement-factory.com> wrote:
> On 09/20/2018 03:26 PM, Brett Anderson wrote:
> > Should I build from the master or a more recent branch?
>
> IIRC, the unofficial branch you are using is the only branch containing
> SslBump with cache_peer" feature today. We are working on submitting
> that code for the official review. Please note that any unofficial code
> comes with additional risks and is not eligible for the official Squid
> Project support.
>
> Alex.
>
>
>
> > On Thu, Sep 20, 2018 at 12:47 PM Alex Rousskov wrote:
> >
> > On 09/20/2018 12:36 PM, Brett wrote:
> > > I currently have squid setup to use a self-signed certificate for
> > MITM to
> > > cache HTTPS requests. This works. [...]
> >
> > > Is there a way I can configure squid so I can specify
> > > it as a proxy for an https request and then have it act as a cache
> or
> > > forward to an HTTP proxy (that supports CONNECT)?
> >
> > AFAICT, you are asking about the missing "SslBump with cache_peer"
> > feature, which was covered in several recent threads, including this
> > email:
> >
> >
> http://lists.squid-cache.org/pipermail/squid-users/2018-July/018653.html
> >
> >
> > > ssl_bump peek step1
> > > ssl_bump bump all
> >
> > This configuration bumps everything at step2.
> >
> >
> > > If I change the ssl_bump directives above to the following:
> >
> > > ssl_bump stare step2
> > > ssl_bump bump step3
> >
> > This (misleading!) configuration should splice everything at step1.
> In
> > other words, it should be equivalent to this (clear) configuration:
> >
> > ssl_bump splice all
> >
> > or a disabled SslBump. According to your tests, that is exactly what
> > happens (and the lack of non-trivial SslBump involvement probably
> > explains why peering works in this corner case).
> >
> >
> > If you need more information about the equivalence of the last two
> > configurations, please consider studying the following wiki page and
> a
> > related recent email thread:
> >
> > * https://wiki.squid-cache.org/Features/SslPeekAndSplice
> > *
> >
> http://lists.squid-cache.org/pipermail/squid-users/2018-September/019162.html
> >
> >
> > HTH,
> >
> > Alex.
> >
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20180921/168b1979/attachment-0001.html>
More information about the squid-users
mailing list