Re: [squid-users] reverse ssl problem.

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Tue, 23 Mar 2004 19:29:31 +0100 (CET)

On Tue, 23 Mar 2004, Emre CELEBI wrote:

> Configuration Summary:
>
> 1- squid as a reverse proxy in dmz also configured for ssl support.

Ok.

> 2- Web server (Unfortunately IIS cause of some fancy !!! vb/java script
> programs) in the internal network to serve for both outside clients and
> for internal clients.Some directorys on web publishing requie ssl
> connection. this is a must.

Then you need Squid-3, or if you are lucky you can surive with Squid-2.5 +
SSL update patch.

Squid-2.5 as distributed can not initiate SSL connections.

> Question: Is there a way (like ssl tunneling?? dont know how to just know
> about concept) to make squid connect to web server with ssl so that both
> outside and inside clients use ssl to web server pages which setup with
> ssl?

You can use port forwarding / NAT to directly forward any requests for the
https port to your web server without going via Squid. You obviously don't
get the benefit if Squid access controls & logging when doing this, but
instead gain full SSL capabilities including client certificates etc..

Regards
Henrik
Received on Tue Mar 23 2004 - 11:29:33 MST

This archive was generated by hypermail pre-2.1.9 : Thu Apr 01 2004 - 12:00:02 MST