mån 2007-02-05 klockan 16:47 -0500 skrev Steve Kapp:
> We need an HTTP->HTTPS translator so that internal network traffic may stay
> unencrypted, a requirement from some of our customers. I have seen this
> question asked previously about squid in the archives, and the answer seems
> to be 2.5+ssl patch offers this feature, as does 3.0.
>
> Does 2.6 also support this feature?
Yes.
> Also, does anyone have a sample config file that supports this setup?
There is three ways of using this depending on what your functionality
requirements are:
a) With Squid acting as an accelerator/reverse proxy for a defined list
of sites, upgrading these sites to https. You then use the ssl option to
cache_peer to wrap the request in SSL.
b) By using a HTTP client sending https:// URLs to Squid. Squid will
then maintain the SSL on behalf of the client.
c) Using a url rewriter helper to rewrite selected http:// URLs into
https:// per your own specifications, making Squid process the request
as a https:// request even if the client requested http://
It's also possible to extend Squid with the capability to decrypt
CONNECT SSL proxy requests allowing inspection of https traffic. Contact
me privately if you want a quote on implementing this feature.
Regards
Henrik
This archive was generated by hypermail pre-2.1.9 : Thu Mar 01 2007 - 12:00:01 MST