Date:      Tue, 7 Sep 2004 13:08:23 -0400
From:      Charles Swiger <cswiger@mac.com>
To:        Vladimir Terziev <vladimir.terziev@sun-fish.com>
Cc:        freebsd-net@freebsd.org
Subject:   Re: Tunneling HTTPS with Squid
Message-ID:  <86B15E9E-00F0-11D9-A3E8-003065ABFD92@mac.com>
In-Reply-To: <20040907165345.359dd5b6@daemon.cmotd.com>
References:  <20040907165345.359dd5b6@daemon.cmotd.com>

On Sep 7, 2004, at 9:53 AM, Vladimir Terziev wrote:
> 	When HTTP traffic is forwarded with Squid all is ok, because the 
> proper X-FORWARDED-FOR header is set and we are able to identify the 
> request issuer. When Squid forwards HTTPS traffic to us, the situation 
> is different, because the only IP which we are able to "see" is that 
> of the Squid server.
> 	Now, my question ... is there a way to instruct Squid to create some 
> kind of tunnel and to forward the HTTPS traffic through it?

Hmm.  Squid supports proxying https connections, and it will create a 
tunnel between itself and the SSL server on the other side (using 
DIRECT rather than an HTTP GET method).

However, once you've gotten that SSL tunnel formed, what goes through 
it is opaque to Squid: Squid cannot add headers or do anything of that 
sort without violating the encryption.

-- 
-Chuck
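
What the proxy can and cannot touch in each case, as an added example that is not part of the original message and is not Squid code. It assumes the tunnel is requested with the HTTP CONNECT method (as browsers do for HTTPS through a proxy); the class name `ForwardingProxy`, the addresses and the sample bytes are constructed for illustration.

```python
# Added illustration, not Squid code: names and sample bytes are constructed.

class ForwardingProxy:
    """Models what a forward proxy sends upstream for one client connection."""

    def __init__(self, client_ip: str):
        self.client_ip = client_ip
        self.tunnel_target = None   # set to (host, port) once CONNECT is seen

    def handle(self, data: bytes) -> bytes:
        """Return the bytes the proxy would send upstream for `data`."""
        if self.tunnel_target is not None:
            # Tunnel mode: payload is TLS records the proxy has no keys for,
            # so the only correct action is a byte-for-byte relay.
            return data
        head, sep, body = data.partition(b"\r\n\r\n")
        lines = head.split(b"\r\n")
        method, target, _version = lines[0].split(b" ", 2)
        if method == b"CONNECT":
            # The CONNECT line is the last cleartext the proxy sees. It is
            # consumed by the proxy; nothing is forwarded to the origin server.
            host, _, port = target.decode("ascii").rpartition(":")
            self.tunnel_target = (host, int(port))
            return b""
        # Plain HTTP: the request is parsed, so a header can be added
        # (appending to an existing X-Forwarded-For chain if one is present).
        out, seen = [], False
        for line in lines:
            name, _, value = line.partition(b":")
            if name.lower() == b"x-forwarded-for":
                line = name + b": " + value.strip() + b", " + self.client_ip.encode()
                seen = True
            out.append(line)
        if not seen:
            out.append(b"X-Forwarded-For: " + self.client_ip.encode())
        return b"\r\n".join(out) + sep + body

# Constructed sample input (the TLS record body is placeholder bytes).
HTTP_REQ = b"GET http://example.com/ HTTP/1.1\r\nHost: example.com\r\n\r\n"
CONNECT_REQ = b"CONNECT example.com:443 HTTP/1.1\r\nHost: example.com:443\r\n\r\n"
TLS_RECORDS = bytes([0x16, 0x03, 0x01, 0x00, 0x04]) + b"\xde\xad\xbe\xef"

def demo():
    plain = ForwardingProxy("192.0.2.10").handle(HTTP_REQ)
    tunnel = ForwardingProxy("192.0.2.10")
    tunnel.handle(CONNECT_REQ)
    relayed = tunnel.handle(TLS_RECORDS)
    return plain, tunnel.tunnel_target, relayed
```

In the plain HTTP case the upstream request carries the client address; in the tunnel case the upstream bytes are identical to what the client sent, so the origin server only ever sees the proxy's address at the TCP level.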


