From owner-freebsd-net@FreeBSD.ORG  Tue Sep  7 13:53:50 2004
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 0154616A4CE
	for <freebsd-net@freebsd.org>; Tue,  7 Sep 2004 13:53:50 +0000 (GMT)
Received: from sun-fish.com (blah.sun-fish.com [62.176.125.194])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 6FE6D43D5D
	for <freebsd-net@freebsd.org>; Tue,  7 Sep 2004 13:53:49 +0000 (GMT)
	(envelope-from vladimir.terziev@sun-fish.com)
Received: by sun-fish.com (Postfix, from userid 1008)
	id D877914A9A; Tue,  7 Sep 2004 15:53:45 +0200 (CEST)
Received: from daemon.cmotd.com (daemon.cmotd.com [192.168.3.104])
	by sun-fish.com (Postfix) with SMTP id 37F8D14A8E
	for <freebsd-net@freebsd.org>; Tue,  7 Sep 2004 15:53:45 +0200 (CEST)
Date: Tue, 7 Sep 2004 16:53:45 +0300
From: Vladimir Terziev <vladimir.terziev@sun-fish.com>
To: freebsd-net@freebsd.org
Message-Id: <20040907165345.359dd5b6@daemon.cmotd.com>
Organization: SunFish Ltd.
X-Mailer: Sylpheed version 0.9.10claws (GTK+ 1.2.10; i386-unknown-freebsd4.9)
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Subject: Tunneling HTTPS with Squid
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 07 Sep 2004 13:53:50 -0000


	Hi all, 

	I have the following prolem:

	Our ISP makes audit of all web traffic going to our servers in order to prevent different kind of attacks against them. The ISP then forwards the traffic which is clean using Squid.
	Our web application needs to know the client computer IP in order to make different kind of checks.
	When HTTP traffic is forwarded with Squid all is ok, because the proper X-FORWARDED-FOR header is set and we are able to identify the request issuer. When Squid forwards HTTPS traffic to us, situation is different, because the only IP which we are able to "see" is that one of the Squid server.
	Now, my question ... is there a way to instruct Squid to create some kind of tunnel and to forward the HTTPS traffic through it?

	10x in advance!

		Vladimir