how to use the packaged squid for httpS ?
James Gray
james at gray.net.au
Fri May 23 23:18:50 UTC 2008
On 24/05/2008, at 7:29 AM, Mihamina Rakotomandimby (R12y) wrote:
> Hi,
> I would like to setup an HTTPS proxy just with packages.
> I already setup a just-HTTP one successfully, but I saw that the
> available version has no ssl enabled...
> Any howto just using packages?
The SSL implementation in Squid is for when you are running a reverse
proxy in front of a server farm and want to use SSL for those
servers. This is a rather unique use case and I'm guessing not what
you're after. If you are trying to cache SSL content for outbound
clients on a LAN, etc, then the simple answer is, you can't. HTTP
wont allow it, and nor should it. If you actually think about what is
happening if you cache SSL content on a proxy, it becomes clear why
you can't without breaking the end-to-end security of an SSL
connection. The proxy becomes a "man in the middle".
Squid can proxy SSL connections, but can't cache them. All it really
does with SSL connections is pass them through without modification.
This will allow you to audit the sites users access (both where, when
and how much data) but you wont be able to see *what* they access (the
payloads etc). You can't transparently proxy SSL either - same
problem as caching SSL content. You need to specifically configure
the browser to use a proxy and then SSL through squid will work quite
well; there's no special configuration needed for clients to use a
squid proxy with SSL sites.
Hope this answers your question :)
Cheers,
James
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2417 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/ubuntu-users/attachments/20080524/4a12cd40/attachment.bin>
More information about the ubuntu-users
mailing list