On fre, 2008-06-06 at 22:59 +0800, Ken W. wrote:
> I want to set squid, which accepts https from clients, then forward the
> request to original server with http protocal.
>
> This is the setting I considered:
>
> https_port 443 accel vhost cert=/squid/etc/xxx.crt key=/squid/etc/xxx.key
> protocol=http
Don't use protocol= unless you absolutely need it.
> cache_peer 10.0.0.1 parent 80 0 no-query originserver name=origin_1
> acl service_1 dstdomain .xxx.com
> cache_peer_access origin_1 allow service_1
Looks fine.
> Then I access to squid with this way:
> https://www.xxx.com/
>
> Can squid accept this https request and forward it to original server with
> http correctly?
Yes.
But you are quite likely to run into issues with the server sending out
http:// URLs in it's responses unless the server has support for running
behind an SSL frontend. See for example the front-end-https cache_peer
option.
> btw, what's the usage of "protocol=http"? I can't understand for it
> enough.
It's the protocol Squid should internally assign to the requested URL.
When acting as a web server / accelerator the request does not contain
information on the protocol used, just the request-path.
It has only marginal practical importance, and is best left at the
default automatic setting unless you have very special reasons to change
it.
Regards
Henrik
Received on Fri Jun 06 2008 - 21:50:54 MDT
This archive was generated by hypermail 2.2.0 : Sat Jun 07 2008 - 12:00:03 MDT