Tunneling HTTPS with Squid
Charles Swiger
cswiger at mac.com
Tue Sep 7 10:08:29 PDT 2004
On Sep 7, 2004, at 9:53 AM, Vladimir Terziev wrote:
> When HTTP traffic is forwarded with Squid all is ok, because the
> proper X-FORWARDED-FOR header is set and we are able to identify the
> request issuer. When Squid forwards HTTPS traffic to us, situation is
> different, because the only IP which we are able to "see" is that one
> of the Squid server.
> Now, my question ... is there a way to instruct Squid to create some
> kind of tunnel and to forward the HTTPS traffic through it?
Hmm. Squid supports proxying https connections, and it will create a
tunnel between itself and the SSL server on the other side (using
DIRECT rather than an HTTP GET method).
However, once you've gotten that SSL tunnel formed, what goes through
it is opaque to Squid: Squid cannot add headers or do anything of that
sort without violating the encryption.
--
-Chuck
More information about the freebsd-net
mailing list