[squid-users] RE: Re: Encrypted traffic with proxy server?

From: Adam Aube <aaube01@dont-contact.us>
Date: Wed, 14 Jul 2004 11:40:22 -0400

Chris Perreault wrote:

> We've set up a reverse proxy with the --enable-ssl option. Our back end
> webservers are http on port 80. Squid only accepts traffic from port 443.
> The browsers are connecting to the proxy (run in accelerator/reverse proxy
> mode) All traffic between internet users and the proxy are ssl. From the
> proxy to our web servers are not ssl.
>
> A proxy is not the same as a reverse proxy, although it is close. One
> solution would be to have 2 squid boxes in a server room, where the only
> sniffing that could be done would have to be done within the server room.
> Configure one has a reverse proxy, sending all traffic to the normal
> proxy.
>
> Student PC --> ssl connection--> squid as reverse proxy in server room -->
> port 80 -->squid as proxy in server room --> internet webservers

Ugh - that's a mess. If you have to use Squid in accelerator mode to get SSL
support (which may be the case with Squid 2.5 - I know it's not with Squid
3), then it would be better just to run an instance of Stunnel (or similar)
on the server, then have it forward requests to Squid over loopback.

Client Browser -> Client Stunnel -> Server Stunnel -> Squid

Adam
Received on Wed Jul 14 2004 - 09:38:09 MDT

This archive was generated by hypermail pre-2.1.9 : Sun Aug 01 2004 - 12:00:02 MDT