On Thu, 13 Nov 2003, zidan wrote: > I am using squid 2.5. I would like all the rules that I configured in > squid.conf (filtering, blocking sites, > different modules, etc.) will also apply to SSL traffic. > > I want the SSL connection to terminate at the squid, so all the traffic > will be inspected as regular HTTP traffic.
Not without servere limitations - SSL will be broken, no longer supporting client side certificates or user selected trust in server certificates. - You will need a custom CA to be installed in each client browser, or else they won't trust that the proxy is the SSL server they wanted to contact. - Squid needs to be extended to generate fake SSL certificates in response to CONNECT requests. (this means coding) - Browser must be configured to use the proxy, or else the proxy will not be able to tell what web site to fake the server side certificate for. Regards Henrik
