Tuesday, February 06, 2007

Reverse proxy configurations

The configuration of a reverse proxy depends on what functionality you want to achieve.
There are three ways of using it, depending on what your functionality
requirements are:

a) With Squid acting as an accelerator/reverse proxy for a defined list
of sites, upgrading these sites to https. You then use the ssl option to
cache_peer to wrap the request in SSL.

b) By using an HTTP client sending https:// URLs to Squid. Squid will
then maintain the SSL on behalf of the client.

Here, the client has to send the https:// request using HTTP to the
proxy, just as it does for http://. That is:
GET https://www.example.com/path/to/file HTTP/1.1
[headers]
This does not work for clients that use the CONNECT method to ask for an SSL
tunnel through the proxy.

In this case, the clients know they should not run SSL themselves and
delegate this task to the proxy. They don't have any SSL capabilities and instead
rely on the proxy to perform the SSL encryption.


c) Using a URL rewriter helper to rewrite selected http:// URLs into
https:// per your own specifications, making Squid process the request
as an https:// request even if the client requested http://.

In this case, the same delegation is emulated for the clients by rewriting
http:// URLs into https:// at the proxy.
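
An example rewriter helper for option c), added here and not code from the original post or from the Squid project. It assumes the classic helper line protocol (request URL as the first field, reply with the new URL or an empty line for no change, and a leading numeric channel ID when helper concurrency is enabled); the host list and function names are hypothetical.

```python
#!/usr/bin/env python3
"""Helper for Squid's url_rewrite_program: upgrade selected http:// URLs."""
import sys
from urllib.parse import urlsplit, urlunsplit

# Hypothetical allowlist: hosts whose origin servers are known to serve HTTPS.
UPGRADE_HOSTS = {"www.example.com", "intranet.example.com"}


def rewrite_url(url):
    """Return the https:// form of url, or None to leave it unchanged."""
    try:
        parts = urlsplit(url)
        host, port, user = parts.hostname, parts.port, parts.username
    except ValueError:              # malformed port or host
        return None
    if parts.scheme.lower() != "http" or user is not None:
        return None
    # Exact host match (hostname is already lower-cased): a substring test
    # would also upgrade www.example.com.other.test.
    if host not in UPGRADE_HOSTS:
        return None
    if port not in (None, 80):      # non-default port: no known TLS listener
        return None
    return urlunsplit(("https", host, parts.path, parts.query, parts.fragment))


def handle_line(line):
    """Answer one request line; a reply without a URL means 'no change'."""
    fields = line.split()
    channel = ""
    if fields and fields[0].isdigit():   # concurrency: echo the channel ID
        channel, fields = fields[0], fields[1:]
    new_url = rewrite_url(fields[0]) if fields else None
    return " ".join(x for x in (channel, new_url) if x)


def main():
    for line in sys.stdin:
        sys.stdout.write(handle_line(line) + "\n")
        sys.stdout.flush()          # Squid waits for each reply; never buffer


if __name__ == "__main__":
    main()
```

Only the scheme changes, so the path and query reach the origin server as the client sent them.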

It's also possible to extend Squid with the capability to decrypt
CONNECT SSL proxy requests, allowing inspection of https traffic.
For more information on this approach, you can contact Henrik Nordstrom.
Squid contacts.
