Re: [squid-users] squid reverse proxy with ssl: access denied

From: Henrik Nordstrom <henrik@dont-contact.us>
Date: Thu, 02 Nov 2006 20:00:46 +0100

tor 2006-11-02 klockan 15:54 +0100 skrev nick humphrey:

> cache_peer 192.168.0.150 parent 8080 3130 ssl sslflags=DONT_VERIFY_PEER no-query

DONT_VERIFY_PEER opens you to man-in-the-middle attacks. Better to give
it the CA information needed to validate the peer..

Also you need the originserver option to tell Squid it's an origin
server.

Cosmetic note: I find it easier to read using ICP port 0 when using the
no-query option.

Regards
Henrik

Received on Thu Nov 02 2006 - 12:01:13 MST

This archive was generated by hypermail pre-2.1.9 : Fri Dec 01 2006 - 12:00:02 MST