Re: [squid-users] Share HTTPS over SQUID

From: John Doe <guest01_at_gmail.com>
Date: Mon, 13 Dec 2010 21:00:19 +0100

> The problem that I dont use Squid for a domain or with IIS! Im using
> Squid as Transparent HTTP for caching purpose and to save traffic thus
> I also want share HTTPS if its possible to work with HTTP Transparent
> Enabled .

I suppose you are talking about a transparent forward-proxy achieved by
dest NAT, right?

In my own experience, saving bandwidth/traffic through caching depends
highly on the content. If you are lucky, you will maybe get about 25-30%
hit ratio, the benefit would not be that huge ...

I am not sure if you can save traffic with HTTPs content at all. You can
use a transparent proxy for HTTPs, but it would not be very transparent
for the end user. Because you have to generate a certificate (pem
file[1]), the client will get a warning message when surfing to HTTPs
sites ... Basically, squid is doing a man-in-the-middle-atack and I
personally would complain about that (I would not use it), but probably
most user will just accept and/or ignore it anyway ;-)

jmy2c

[1] openssl req -new -newkey rsa:1024 -days 365 -nodes -x509 -keyout
cert.pem -out cert.pem
Received on Mon Dec 13 2010 - 20:00:28 MST

This archive was generated by hypermail 2.2.0 : Tue Dec 14 2010 - 12:00:03 MST