Re: [squid-users] interception proxy and ssl

From: Adrian Chadd <adrian@dont-contact.us>
Date: Thu, 29 Mar 2007 23:23:17 +0800

On Thu, Mar 29, 2007, Emilio Casbas wrote:

> I reply to myself; I have found the response in this thread
>
> http://www.squid-cache.org/mail-archive/squid-users/200102/0816.html
> and the possible solution:
> http://www.squid-cache.org/mail-archive/squid-users/200102/0822.html
>
> Then the question now is: does squid support the transparent SSL proxy?
> or, is there any plan to support it in a future version?

It's not that hard to implement! I'm surprised no one's just gone ahead
and done it. Lots of people seem to want it, and this project is heavily
driven by people contributing code which implements the kind of behaviour
they were after.

In essence, you'll do this (which only works for transparently intercepted
connections, btw.)

* listen on a port
* accept a connection
* do the ACL lookups you can - source/destination IP, source MAC, time.
  srcdomain maybe.
* if successful, look at how the ssl tunneling code in Squid currently works
  and basically do that - so SSL requests are either forwarded directly to
  the origin or tunneled via a CONNECT to another proxy.

If someone offered Henrik or me a small fee then we could squeeze it into
our current workloads and get it into Squid-2 and Squid-3. That, or write
the code up and submit it - we'll then review it and commit it when it's
ready.

Adrian
Received on Thu Mar 29 2007 - 09:12:48 MDT
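
The steps listed in the message above, sketched as an added example (not code from the original post or from Squid): recover the pre-NAT destination of an intercepted connection, apply the IP and time checks that are possible without decrypting anything, then choose between a direct tunnel and a CONNECT to a parent proxy. It assumes Linux netfilter REDIRECT interception and the `SO_ORIGINAL_DST` socket option; the policy values and all function names are constructed for illustration.

```python
import ipaddress
import socket
import struct
from datetime import time

SO_ORIGINAL_DST = 80  # Linux netfilter getsockopt option (linux/netfilter_ipv4.h)

# Constructed policy for illustration; this is not Squid's ACL syntax.
ALLOWED_SRC = ipaddress.ip_network("192.0.2.0/24")
BLOCKED_DST = [ipaddress.ip_network("198.51.100.0/24")]
HOURS = (time(8, 0), time(18, 0))

def parse_original_dst(raw):
    """Decode the 16-byte sockaddr_in returned by SO_ORIGINAL_DST."""
    port, addr = struct.unpack("!2xH4s8x", raw)
    return socket.inet_ntoa(addr), port

def original_dst(conn):
    """Pre-NAT destination of an accepted, redirected connection."""
    raw = conn.getsockopt(socket.SOL_IP, SO_ORIGINAL_DST, 16)
    return parse_original_dst(raw)

def acl_allows(src_ip, dst_ip, now):
    """Only what is visible without decryption: source, destination, time."""
    if ipaddress.ip_address(src_ip) not in ALLOWED_SRC:
        return False
    dst = ipaddress.ip_address(dst_ip)
    if any(dst in net for net in BLOCKED_DST):
        return False
    return HOURS[0] <= now <= HOURS[1]

def connect_request(dst_ip, dst_port):
    """CONNECT sent to a parent proxy; only the IP is known, not a hostname."""
    target = f"{dst_ip}:{dst_port}"
    return f"CONNECT {target} HTTP/1.1\r\nHost: {target}\r\n\r\n".encode()

def plan(src_ip, raw_dst, now, parent=None):
    """Return ("deny",), ("direct", ip, port) or ("parent", parent, request)."""
    dst_ip, dst_port = parse_original_dst(raw_dst)
    if not acl_allows(src_ip, dst_ip, now):
        return ("deny",)
    if parent is None:
        return ("direct", dst_ip, dst_port)
    return ("parent", parent, connect_request(dst_ip, dst_port))
```

Because the proxy never sees a request line on an intercepted TLS connection, hostname-based rules cannot be evaluated here, which is why the policy is limited to addresses and time of day.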
