[squid-users] Squid Upstream Configuration Query
Alex Rousskov
rousskov at measurement-factory.com
Mon Jun 20 15:24:26 UTC 2022
On 6/20/22 04:49, Honey Bajaj wrote:
> as a part of Enterprise security and consolidation, we are asked to
> onboard a commercial SaaS based proxy solution. This solution requires a
> SSL certificate to be embedded in every application which a commercial
> vendor has shared with us. To simplify this process, we are evaluating
> if Squid can play following role:
>
> Application (no ssl configuration) --> Squid (Upstream configuration
> hosting SaaS client certificate) --> SaaS Proxy --> ExternalURL
>
> kindly suggest if this can be achieved.
Yes, if SaaS Proxy is an HTTPS proxy, then Squid can be configured to
authenticate itself using a configured client certificate while talking
TLS to that SaaS proxy. Here is a (somewhat redundant by explicit)
configuration sketch to get you started:
cache_peer ... parent tls sslcert=squid.pem ...
nonhierarchical_direct off
never_direct allow all
always_direct deny all
The "tls" option is spelled "ssl" in earlier Squids IIRC.
See squid.conf.documented for details.
HTH,
Alex.
More information about the squid-users
mailing list