On Monday 11 August 2014 at 09:33:31 (EU time), Sapan Shah wrote:

> Dear All,
> 
> I would like to configure squid as a secured Proxy Server for securing
> communication between web browser and SQUID so SQUID will use SSL or
> secured connection to web browser for handling HTTPS and HTTP requests.

Security between the client and the proxy, without security between the proxy 
and the web server?  Why?

> Example:
>   1.  When user is trying to access web site like: www.abc.com,
>   2.  The browser will create SSL/secured connection like HTTPS with SQUID,
>   3.  The SQUID will manipulate the request,
>   4.  The SQUID will connect to web site http://www.abc.com as normal HTTP
> request/connection.
>   5.  The SQUID will send response returned from site www.abc.com to the
> web browser securely through SSL.

Where does Squid sit in the network configuration in the above setup?

I'm assuming you don't run the remote website www.abc.com (otherwise you'd 
just put SSL straight on that).

If you have a short, basically private, network connection between the Squid 
proxy and www.abc.com, then I'd suggest a better way of doing this is to 
configure Apache in reverse proxy mode, or use stunnel - both of those can 
accept an inbound SSL connection and convert it to an unencrypted HTTP 
connection on the private backend link.

If Squid is near to the users, and www.abc.com is somewhere "over the 
Internet", then who are you trying to kid?  Giving people an HTTPS connection 
which then goes unencrypted over the Internet is very bad security practice, 
because you're making them think they have end-to-end encryption when in fact 
they don't.  You simply should not do this.

If you need more guidance on setting up a reverse proxy (either using Apache, 
or Squid), or using stunnel, you should be able to find several tutorials from 
an appropriate Google search.


Regards,


Antony.

-- 
I love deadlines.   I love the whooshing noise they make as they go by.

 - Douglas Noel Adams

                                                   Please reply to the list;
                                                         please *don't* CC me.
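
Added example (not part of the original message, and not code from the stunnel or Squid projects): a small Python check for the distinction drawn in the reply between a private backend link and one that crosses the Internet. It reads a stunnel-style configuration and classifies the plaintext `connect` target of each TLS-terminating service; the sample configuration, service names, addresses and function names are constructed for illustration.

```python
import configparser
import ipaddress

# Constructed sample in stunnel's "[service] / accept / connect" layout.
SAMPLE_CONF = """
[internal-site]
accept = 443
connect = 10.0.0.5:80

[remote-site]
accept = 8443
connect = 93.184.216.34:80

[local-app]
accept = 9443
connect = 8080
"""

def backend_host(connect_value):
    """Return the host part of a stunnel 'connect = [HOST:]PORT' value."""
    host, sep, _port = connect_value.strip().rpartition(":")
    return host if sep else "127.0.0.1"  # a bare port means localhost

def audit(conf_text):
    """Map each server-mode service to 'private', 'public' or 'unresolved'."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(conf_text)
    results = {}
    for name in parser.sections():
        svc = parser[name]
        # Only server-mode services accept TLS and forward plaintext.
        if svc.get("client", "no").lower() == "yes" or "connect" not in svc:
            continue
        host = backend_host(svc["connect"]).strip("[]")
        if host == "localhost":
            host = "127.0.0.1"
        try:
            addr = ipaddress.ip_address(host)
        except ValueError:
            # A hostname: no DNS lookup is done here, so flag it for review.
            results[name] = "unresolved"
            continue
        inside = addr.is_private or addr.is_loopback
        results[name] = "private" if inside else "public"
    return results

if __name__ == "__main__":
    for service, verdict in audit(SAMPLE_CONF).items():
        print(f"{service}: plaintext backend hop is {verdict}")
```

A `public` or `unresolved` result marks a service whose decrypted traffic may leave the private network, which is the setup the reply warns against.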
