[squid-users] sslbump + DynamicSslCert + url_rewrite_program + NTLM authentication

From: Yonah Russ <yonah.russ_at_gmail.com>
Date: Thu, 10 Feb 2011 14:40:22 +0200

Hi,

I've been using Squid 2.6/7 for a while as a redirecting proxy for
developers to preview their changes as if they are looking at
production websites.
Now I need to support rewriting SSL requests as well and this has
brought me to investigate Squid 3.2/3.1
As both of these seem very new and alot seems to have changed, I'm
hoping you can help point me in the best direction.

I understand that 3.2 has the DynamicSSLCert feature and that a patch
exists for 3.1 as well- which would be the prefered way to implement
this for semi production/internal users?
Is there any way to restrict which sites get bumped and which do not?

I also understand that redirect_program has been replaced with
url_rewrite_program but the interface seems to be fairly backwards
compatible- any gotchas to look out for?
Will the url_rewrite_program have access to the decrypted https
request? If so, will the rewrite program be able to rewrite the
request and still send it over HTTPS?

Have their been changes in Active Directory integration for proxy
authentication? Currently I'm using NTLM and Basic
authentication+winbind but not without issues.

I understand there are some changes regarding SMP. Currently I run
multiple instances of Squid with different configurations(http_port,
redirect_program). Can I consolidate this any with the newer versions?
I'd be interested in sharing the authentication helpers, but still
having different http/https ports and rewrite configurations.

Thanks in advance,
Yonah
Received on Thu Feb 10 2011 - 12:48:34 MST

This archive was generated by hypermail 2.2.0 : Fri Feb 11 2011 - 12:00:03 MST