Re: [squid-users] ssl/acl problem with cache_peers

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Fri, 12 Jul 2013 20:33:39 +1200

On 12/07/2013 7:52 p.m., Hubeli Daniel wrote:
> Hi all, I'm posting for an ssl/acl problem.
>
> In my configuration I have 2 proxies, 1 Internal proxy (used by internal users) that serves internal websites and that escalates (cache_peer) to another proxy (external) when it needs to go outside.
>
> My problem is that an internal server now needs to reach an external website (via SSL/HTTPS) but I need to filter the access on just some paths (the internal server will contact the internal squid that should use the cache_peer to reach the "external" site).
>
> From what I've learnt about squid the way to filter paths with HTTPS protocol is to use the ssl_bump directive. Actually I've already configured the internal squid with ssl_bump (I've just upgraded to 3.3.7):

The best solution is to have that internal Server send the requests as
normal HTTP requests to Squid. Squid is perfectly capable of taking HTTP
traffic and wrapping it inside SSL to form HTTPS traffic on the Internet
connections (see the sslproxy_* squid.conf directives). If you need the
extra security of an SSL link between that server and Squid then open an
SSL/TLS connection to Squid https_port and send the requests as normal
HTTP requests inside that.

Amos
Received on Fri Jul 12 2013 - 08:33:47 MDT
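
A squid.conf sketch of the approach described in the reply above, added here as an illustration and not taken from the thread or from either poster's configuration. Every address, hostname, port, file path and ACL name is a placeholder, and the `ssl` option on the peer assumes the external proxy accepts TLS on that port.

```conf
# Internal Squid. The internal server opens TLS to this port and then sends
# ordinary proxy requests inside it, for example:
#   GET https://www.example.com/api/v1/items HTTP/1.1
# Squid sees the full URL, so path ACLs work without ssl_bump.
https_port 3129 cert=/etc/squid/proxy-cert.pem key=/etc/squid/proxy-key.pem

# Who is asking, which site, and which paths are permitted (placeholders).
acl app_server    src 192.0.2.10
acl ext_site      dstdomain www.example.com
acl allowed_paths urlpath_regex ^/api/v1/ ^/status$

# Allow only the listed paths on that site for that server. Order matters:
# the first matching http_access line wins, so the deny must follow the allow.
http_access allow app_server ext_site allowed_paths
http_access deny  app_server

# Send this traffic through the external proxy rather than going direct.
# Without the ssl option the hop between the two proxies is unencrypted.
cache_peer external-proxy.example.net parent 3128 0 no-query default ssl
never_direct allow ext_site
```

Running `squid -k parse` checks the file for syntax errors before the configuration is reloaded.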
