Here's my situation: I have an internal IP network that offers no internet connectivity. But I do want to allow clients on this internal network access to only, say, 2 external web sites, such as

http://blah.company.com/
https://secureblah.company.com/

I have complete control over the DNS on this internal network, so I am able to point blah.company.com and secureblah.company.com at a squid that does have external connectivity. I know that what I am describing so far is just a reverse proxy.

But -- in the case of the https server, I need SSL negotiation to happen between the client and the *target* server, not between the client and the squid -- the squid should only pass the encrypted traffic between the target and the client. (Of course I cannot obtain a valid cert for secureblah.company.com, so I must allow the browser to communicate directly with that server.)

I have looked at the archives for quite a while, and I believe from what I have read that this can be done (with squid-2.5.STABLE4 or squid3). But I am a bit embarrassed to say that I cannot figure out the proper squid.conf statements to make squid behave this way.

Any pointers would be much appreciated.
