Re: Secure HTTP

From: Balint Nagy Endre <bne@dont-contact.us>
Date: Fri, 6 Dec 1996 22:10:33 +0100 (MET)

>
> Hi,
>
> Sorry if this is a FAQ but I am a newcomer to this list and I did not find
> the answer in the different www sites I've visited.
>
> One of our users needs to download a file from a site using secure HTTP. I
> don't know much about this protocol but it does not seem to go through the
> cache. Do any of you has any experience on this topic?
If you mean https://server/path (Netscapes one) then the client should be
configured to use squid as a security proxy (this is netscape terminology.)
In fact the client should send a "CONNECT server:443 HTTP/1.0" to the proxy.
If there are cascaded Squids behind the firewall, then the inner one
should have a
ssl_proxy <the outer squid>
line in squid.conf or the client should be configured to go to the outer
proxy if it is visible by the client.
If the client is directly on the (public) internet, then it should go
directly to the origin server.

If you mean shttp://server... (I never seen this in the real life) the the
situation is very similar because Squid doesn't support the SECURE method
directly, it should be done trough CONNECT using different port (80?).
(Apropos, Duane! Why? Adding support for SECURE method should't be a
complicate thing.)
Again, it needs proper client configuration.

Problems may be caused by netscape proxy autoconfiguration,
because there is no way to choose a different proxy depending on the
method of the request.

Do youe need additional clarification?
 
Andew. (Endre "Balint" Nagy) <bne@CareNet.hu>
Received on Fri Dec 06 1996 - 13:18:05 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:33:50 MST