[squid-users] Rewriting HTTP to HTTPS for generic package proxy

Fiehe, Christoph c.fiehe at eurodata.de
Wed Jul 10 10:57:57 UTC 2024 

The idea behind was to find a way to cache packages from a repository that only provides HTTPS-based connections. It would work, when the HTTPS connection terminates at the Squid Proxy and not at the client, so that the proxy can forward the message payload to the client using normal HTTP. Apt-Cacher-NG implements the behavior, but it seems to be too buggy to use in a productive environment.

There is no way to achieve that with standard Squid mechanisms?

Regards,
Christoph


>-----Ursprüngliche Nachricht-----
>Von: squid-users <squid-users-bounces at lists.squid-cache.org> Im Auftrag von Amos Jeffries
>Gesendet: Mittwoch, 10. Juli 2024 11:42
>An: squid-users at lists.squid-cache.org
>Betreff: Re: [squid-users] Rewriting HTTP to HTTPS for generic package proxy
>
>On 10/07/24 10:25, Fiehe, Christoph wrote:
>> Hallo,
>>
>> I hope that somebody has an idea, what I am doing wrong. I try to build a generic
>package proxy with Squid and need the feature to rewrite (not redirect) a HTTP request to
>a package repository transparently to a HTTPS-based package source.
>
>The "Wrong" starts with the very idea you have that re-writing a URL
>scheme is even useful.
>
>
>While it mas *seem* like an okay idea, what you are actually doing is
>exposing the HTTPS secured Response message to transmission over
>insecure connections from Squid to client. That is prohibited by HTTPS
>which assumes/requires encryption negotiated between the origin client
>and the origin server.
>
>
>The best you can do for a regular proxy. Is *redirect* the http://
>requests with a 302 message telling the client to use https:// instead.
>
>
>   ...
>   http_access deny !to_archive_mirrors
>
>   acl HTTP proto HTTP
>   deny_info 302:https://%>rd%rp HTTP
>   http_access deny HTTP
>
>   http_access allow src_networks
>   ...
>
>
>
>HTH
>Amos
>
>_______________________________________________
>squid-users mailing list
>squid-users at lists.squid-cache.org
>https://lists.squid-cache.org/listinfo/squid-users

More information about the squid-users mailing list