Thanks Henrik. One thing I'm not clear on is how DNS works in this scenario. Does the remote client resolver resolve hosts, or does the browser just forward on the url to the proxy and the proxy does the lookup on behalf of the client?
If this is the case, I would imagine that by setting your browser's proxy setting to the proxy address, and the proxy using the intranet DNS server, things would work without having to modify the intranet content. Is this not the case? In a nutshell, I've been tasked with creating a reverse proxy (preferably SSL) that will allow remote clients to set this system as their proxy in their browser, and see intranet web servers. I envision this: setting up a squid proxy with two nics, one internally addressed, the other publicly addressed. setting up the proxy to use the internal DNS servers for hostname resolution. setting the proxy to only proxy for the internal domain (this way the remote client would have to disable using the proxy for internet access, and enable for intranet access. ?!?) setting up some type of proxy authentication. (NTLM maybe) Basically I've been tasked to make this work, and need to know if it's feasible with squid. If so making it work is the next step. thanks for all the help! -----Original Message----- From: Henrik Nordstrom [mailto:[EMAIL PROTECTED] Sent: Wednesday, November 19, 2003 1:09 AM To: John Hally Cc: Squid Users Subject: RE: [squid-users] reverse ssl-proxy? On Tue, 18 Nov 2003, John Hally wrote: > It would be a proxy for multiple servers. I'm thinking something like 5-10 > web service servers. You wouldn't happen to have a sample config file, > would you? I've looked through the docs and it looks like it gets complex > pretty quickly. Do you think it would make sense to use Apache instead with > mod_ssl and mod_rewrite? The complexity is pretty much the same when using Apache. The complexity comes from having to merge the URL namespace of all the web services into one large virtual server from where the content of all the published services are found. mod_ssl == https_port in squid mod_rewrite == redirector in squid If the content can be adjusted for being published on the Internet via the reverse proxy then things are not as complex. Regards Henrik
