Hello Amos, Thank you for your reply.
> Problem A) > requirements #1 and #2 above are mutually exclusive. > > Obeying #1 involves sending traffic from Squid to the parent proxy for > action. > > Obeying #2 involves opening direct TLS connections from Squid to the > origin servers. Is it possible to send the TLS connection as a HTTP CONNECT tunnel via through the parent proxy? (http://en.wikipedia.org/wiki/HTTP_tunnel#HTTP_CONNECT_tunneling <http://en.wikipedia.org/wiki/HTTP_tunnel#HTTP_CONNECT_tunneling>) Abdelouahed > Op 14 apr. 2015, om 18:20 heeft Amos Jeffries <squ...@treenet.co.nz> het > volgende geschreven: > > On 14/04/2015 11:57 p.m., Abdelouahed Haitoute wrote: >> > >> There are two thing I haven’t realized in the development >> environment, because I don’t know how: >> 1. Making the Squid 3.1.10 to use a proxy system, because that’s our >> policy to communicate to the outside world. In apache we use the >> following directive: “ProxyRemote https http://192.168.68.102:3128 >> <http://192.168.68.102:3128/>" > > In squid.conf: > > cache_peer 192.168.68.102 parent 3128 0 > > >> >> 2. Making the configuration variable as much as possible. So the >> Squid 3.1.10 handles all different http client requests to different >> https servers and send them as a https two-way ssl. Currently it >> only handles request for https.example.com >> <http://https.example.com/>. > > > Use the sslproxy_* directives instead of cache_peer. > > > However you have two problems: > > Problem A) > requirements #1 and #2 above are mutually exclusive. > > Obeying #1 involves sending traffic from Squid to the parent proxy for > action. > > Obeying #2 involves opening direct TLS connections from Squid to the > origin servers. > > > Problem B) > Translating between http:// and https:// is explicitly forbidden in > both HTTP and HTTPS protocol security requirements. > > Squid does not permit that highly dangerous action to be taken. However > there are several other possibilities depending on what you actually > need done. > > > Amos > > _______________________________________________ > squid-users mailing list > squid-users@lists.squid-cache.org > http://lists.squid-cache.org/listinfo/squid-users
_______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
