[squid-users] Reverse proxy for ssl site

From: Steve Hodges <steve.hodges@dont-contact.us>
Date: Thu, 22 Jan 2004 06:23:40 -0500

Here's my situation:

I have an internal IP network that offers no internet connectivity. But I
do want to allow clients on this internal network access to only, say, 2
external web sites, such as

   http://blah.company.com/
   https://secureblah.company.com/

I have complete control over the DNS on this internal network, so I am able
to point blah.company.com and secureblah.company.com at a squid that does
have external connectivity.

I know that what I am describing so far is just a reverse proxy. But -- in
the case of the https server, I need SSL negotiation to happen between the
client and the *target* server, not between the client and the squid -- the
squid should only pass the encrypted traffic between the target and the
client. (Of course I cannot obtain a valid cert for secureblah.company.com,
so I must allow the browser to communicate directly with that server.)

I have looked at the archives for quite a while, and I believe from what I
have read that this can be done (with squid-2.5.STABLE4 or squid3). But I
am a bit embarrassed to say that I cannot figure out the proper squid.conf
statements to make squid behave this way.

Any pointers would be much appreciated.
Received on Thu Jan 22 2004 - 04:23:01 MST
