John Castillo wrote:
>
> the SSL Gatewaying patch worked out. thanks for the autoheader and autoconf
> information. presently i have a working SSL Gateway for my Transparent
> Reverse Proxy configuration!
>
> CLIENT <--- over HTTPS ---> SQUIDPROXY <--- over http ---> INTERNALRESOURCE
Excellent!
> however, NOW i'm told that the connection between the SQUIDPROXY and
> INTERNALRESOUCE also needs to be done over https. i have already tested the
> current config and noticed that i get the expected error of Connection
> Failed (111) Connection Refused. i would assume that this is because
> SQUIDPROXY is trying to access the INTERNALRESOUCE over http, when the
> INTERNALRESOURCE will only work over https.
Well... http://squid.sourceforge.net/ssl/todo.html
> so the new question is:
> 1 - can i use a SSL wrapper (like stunnel or sslwrap) to create the secure
> connection i need from SQUIDPROXY to INTERNALRESOURCE?
Maybe.
> 2 - is this setup hokey or what?
Not yet. See above.
> 3 - i found that Iplanet Proxy (Netscape Proxy) can natively handle this
> sort of secure client to proxy, secure proxy to internal resource
> connection. i wonder if it is capable of doing it transparently for the
> client and i also wonder if its doing this "double encryption".
Well, a proxy is a client when connecting to servers.. the data will be
decrypted and then encrypted again with the key of the proxy.
> compiled
> with --disable-intenal-dns so that a /etc/hosts file can be used to resolve
> the internal ip of internal.mydomain.com.
The Squid-2.5 development versions uses /etc/hosts with the internal DNS
as well...
-- Henrik Nordstrom Squid hacker -- To unsubscribe, see http://www.squid-cache.org/mailing-lists.htmlReceived on Thu Feb 22 2001 - 00:18:18 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:58:08 MST