On Mon, 13 Dec 2010 00:20:23 +0330, purgat wrote:
> On Sun, 2010-12-12 at 14:19 -0600, Luis Daniel Lucio Quiroz wrote:
>> Le dimanche 12 décembre 2010 11:00:43, guest01 a écrit :
>> > Maybe not exactly what you are looking for, but have you thought of
>> > using IPSec? You could deploy IPSec and encrypt every connection from
>> > your clients to the Proxy.
>> > I don't know what you are trying to achieve, but if your objective is
>> > to encrypt connections from the Clients to the proxy, IPSec would be
>> > perfectly transparent and scalable.
>> >
>> > On Sunday, December 12, 2010, purgat wrote:
>> > > Hi
>> > > I have seen similar discussions in the list in the past but none
>> > > exactly
>> > > answers my question.
>> > > This is the setup I am looking for:
>> > > a server somewhere out there runs one or more instances of squid.
>> > > user at home sets up the browser to use the proxy.
>> > > whenever user puts an address in their browser address bar,
request,
>> > > is
>> > > encrypted with ssl and sent to squid. Instances (if more than one
is
Squid provides https_port for accepting SSL connections from clients.
THE PROBLEM is that browsers do not use it for browser->proxy
communications.
>> > > necessary) of squid then request the page through normal http from
>> > > the
>> > > Internet and send the response through ssl back to the client.
>> > > Unfortunately the answers I have seen to this question in past seem
>> > > to
>> > > ignore the fact that the user may want to use different websites. I
>> > > don't want just a couple of addresses to be accelerated by squid
and
>> > > sent through ssl. What I am looking for is not a normal reverse
>> > > proxy,
The common examples are all reverse proxy because that is the only way
browsers will play nice and send requests to Squid over SSL.
Squid itself does not fuss over whether the socket is receiving forward or
reverse mode traffic. Only intercepted traffic has any problems on arrival,
and preventing that is why you use SSL right?
>> > > glorified with ssl. Unfortunately there is no example of such a
>> > > setup in
>> > > wiki though I know a lot of people would want this set up for
>> > > securing
Remove the "accel" and related reverse-proxy options from any of the good
tutorial configs, use a certificate having the proxy public domain
name/port and you have a forward-proxy HTTPS listening setup.
"simples"(tm).
>> > > data in their unsecure local network. The explanations on the web
>> > > about
>> > > how to set this up come short of explaining a lot of things about
an
>> > > already complex matter.
>> > > Is Squid able to help me with this?
>> > > By the way... ssh tunnelling is not an option for me.
Roll up your sleeves then and dig in.
Firefox has an open bug requesting this behaviour be supported. They need
code help and/or incentive by the looks of it.
Amos
Received on Mon Dec 13 2010 - 01:04:17 MST
This archive was generated by hypermail 2.2.0 : Mon Dec 13 2010 - 12:00:02 MST