[squid-users] Non-standard proxy setup

Tardif, Christian christian.tardif at bell.ca
Tue Jul 9 13:10:21 UTC 2019


Hi,

I'm trying to figure out how to make the following setup work:

I have a node on which there's an application which isn't proxy aware so basically, the only remaining option would be to use a transparent proxy. But my corporate proxy isn't a transparent proxy. So I have to build this in two layers. My solution would be to:


1) Have a squid proxy on the node's router host configured as a transparent proxy for both HTTP and HTTPS

2) Have this squid proxy configured to talk to the parent host, which would be my corporate proxy

3) Have this squid proxy able to decide if a particular flow should go to the corporate proxy or connect "directly" with the destination host

I've been successful at tasks #2 and #3 (well, in fact, I did it with tinyproxy but stopped because of task #1).

I've partly succeeded at task #1. In fact, it worked for HTTP. I haven't figured out how to do it for HTTPS. My questions are:


1) I do not understand how the client would be able to perform a CONNECT to reach squid in HTTPS. So I'm assuming that there's some other magic.

2) The second thing I don't understand is the certificate management. Let's say my node tries to reach https://www.google.com but does not know anything about the proxy. I assume that the client will get the certificate from squid in some way, but would probably expect to receive a certificate from Google. How would that work?

Can someone help me? I'm running out of options...

Thanks,

Christian Tardif