[squid-users] reverse ssl problem.

From: Emre CELEBI <ecelebi@dont-contact.us>
Date: Tue, 23 Mar 2004 19:15:44 +0200 (EET)

Hi all,

i wonder if anyone in this list has tried a configuration with squid like
drawn below and made it functional? Any idea and suggestion would be
helpfull. thanks in advance.

Configuration Summary:

1- squid as a reverse proxy in dmz also configured for ssl support.
2- Web server (Unfortunately IIS cause of some fancy !!! vb/java script
programs) in the internal network to serve for both outside clients and
for internal clients.Some directorys on web publishing requie ssl
connection. this is a must.

Problem: Since squid can not directly simulate ssl connection (correct me
if im wrong! ) with web server for reverse proxying, when ssl support in
web server is set up, outside users cant reach the ssl pages, of course
internal users can. If web server is not set up with ssl support then
outside users can reach ssl pages since squid terminates the ssl
connection on itself and talk http with web server (correct me if im
wrong), but this time inside users reach the ssl pages with http (which is
not desired for security).

Question: Is there a way (like ssl tunneling?? dont know how to just know
about concept) to make squid connect to web server with ssl so that both
outside and inside clients use ssl to web server pages which setup with
ssl?

Desired configuration with artistic schema:

   ---------------- ------------------ ---------------
   | Web Ser. | | squid in | | out.clients |
   |with ssl pages| <-https- | reverse mode |<-https |--------------
   ---------------- ------------------
       |
       | https
   -----------------
   | inter. clients|
   -----------------
Received on Tue Mar 23 2004 - 10:12:23 MST

This archive was generated by hypermail pre-2.1.9 : Thu Apr 01 2004 - 12:00:02 MST