[squid-users] Reverse proxy (httpd accelerator) -dns based with ssl

From: jean-pierre Cordeau <hbarre@dont-contact.us>
Date: Wed, 23 Oct 2002 06:58:27 -0400

Hello squid users, I am new to squid, although I've read the FAQs and some postings on this group.
I was wondering if the following could be done with Squid
- before I start diging into the configuration issues...

1 - we have a couple of web sites on our private internal network : www1.company.com, www2.company.com.
There is an internal DNS to resolve those names (10.x.y.1) (10.x.y.2). These web sites are http
(and possibly https)

2 - we would like to set up a reverse proxy in our DMZ and have our public DNS answer querys for
www1 and www2 but with the public ip address of the reverse proxy www1 = Squid-host;
www2=squid-host. Then have squid do an internal DNS request to get to the internal web sites.
(With this scheme, the url would be the same if the user is on the internal network or on the internet).

Also, when the user is on the Internet,

3 - we would like some authentication from the proxy (LDAP) so that only allowed users can access
 the internal web servers
and

4 - would like an https connection from the browser to the reverse proxy
(so that user authentication is not in clear text)

As I understand, Squid can do 1,2 and 3 - is this correct?

but I could'nt get a clear answer for 4.

The whole point is to bypass urlrewritting (having the same url's inside and outside), but still have the
security when an external user wishes to access internal information.

Are there some minor problems with this scheme which we should be aware of
(i.e. differences between https url's and http url's; session cookies not being sent to the external browser ...)

Thanks
Received on Wed Oct 23 2002 - 05:01:47 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:10:52 MST