[squid-users] Passthrough SSL connection to localhost

From: Wah <jkwah@dont-contact.us>
Date: Mon, 16 Aug 2004 21:12:21 +0800

Dear Sir,

Firstly, I want to setup a firewall reverse proxy in front of apache
since I read a article as below url:
http://www.rajeevnet.com/hacks_hints/security/rev-squid-proxy.html

In fact, I want to know how does Squid get work like it is said in below
url.
http://www.squid-cache.org/Doc/FAQ/FAQ-19.html
"By default, Squid connects directly to origin servers for SSL
requests..."

Secondly, I don't understand totally the following which resides in
squid.conf, it makes me that Squid would handle ssl request
automatically.

http_port 80
http_access deny CONNECT !SSL_ports

I'm confused the following description as well.
http://www.mail-archive.com/squid-users@ircache.net/msg01625.html
"... No. Squid acts as a tunnel only. It does not support SSL to
itself, but SSL connections work _via_ squid because it understands the
CONNECT method (allowing clients to establish a tunnel for an SSL
session)....."

At last, it seems that ssl request would be passed to apache(localhost)
by Squid.
http://www.squid-cache.org/Doc/FAQ/FAQ-11.html
"Normally, when you type an https URL into your browser, one of two
things happens.
1. The browser opens an SSL connection directly to the origin server.
2. The browser tunnels the request through Squid with the CONNECT
request method."

All in all, sorry for my troubles.....

Really Thanks,

Wah
Received on Mon Aug 16 2004 - 07:15:17 MDT

This archive was generated by hypermail pre-2.1.9 : Wed Sep 01 2004 - 12:00:02 MDT