+ Post New Thread
Results 1 to 8 of 8
*nix Thread, how to make squid a https proxy in Technical; Ive got a squid proxy running and its working great. How though can I make it so that its a ...
  1. #1

    RabbieBurns's Avatar
    Join Date
    Apr 2008
    Location
    Sydney
    Posts
    5,512
    Thank Post
    1,320
    Thanked 469 Times in 306 Posts
    Blog Entries
    6
    Rep Power
    199

    how to make squid a https proxy

    Ive got a squid proxy running and its working great. How though can I make it so that its a https proxy and that everytihing between me and the proxy gets encrypted?

    edit: its not an internal proxy I use it from external only

  2. #2

    RabbieBurns's Avatar
    Join Date
    Apr 2008
    Location
    Sydney
    Posts
    5,512
    Thank Post
    1,320
    Thanked 469 Times in 306 Posts
    Blog Entries
    6
    Rep Power
    199
    anyone able to poiint me in the right direction i might be able to find any docs?

  3. #3

    Join Date
    Aug 2009
    Posts
    33
    Thank Post
    3
    Thanked 10 Times in 10 Posts
    Rep Power
    11
    Quotes from here
    Finally, as far as transparently proxing HTTPS (e.g. secure web pages using SSL, TSL, etc.), you can't do it. Don't even ask. For the explanation, do a search for 'man-in-the-middle attack'. Note that you probably don't really need to transparently proxy HTTPS anyway, since squid can not cache secure pages.

    I havent tried it but am going to go on that. There was a few more sites that said the same.

  4. #4

    RabbieBurns's Avatar
    Join Date
    Apr 2008
    Location
    Sydney
    Posts
    5,512
    Thank Post
    1,320
    Thanked 469 Times in 306 Posts
    Blog Entries
    6
    Rep Power
    199
    Its not a transparent proxy and Im not using it as caching. Im using it from external from the network so I can browse using my networks IP. It has authentication enabled.

    What im looklng for is for the connection from wherever i am in the world back to the proxy server to be encrypted.

    Is that possible?

  5. #5

    Join Date
    Feb 2009
    Posts
    95
    Thank Post
    3
    Thanked 33 Times in 32 Posts
    Rep Power
    17
    If you don't want to bother with the Squid and you've got SSH access to the server just setup a SSH proxy connection to the machine and point your browser's socks proxy to the localhost. Essentially:
    Code:
    ssh -D 8080 -Nf username@myserver.com
    Then set the socks proxy to: localhost:8080
    If you google for proxy via ssh or something you'll find more detailed notes

    Otherwise again using SSH, you can do some port redirection (tunnel) to get the connection to go via your server:
    Code:
    ssh -L 8080:localhost:8000 username@myserver.com
    Where 8000 is the port your squid is listening on and 8080 is the port you'll forward data locally from. So in this configuration you'd set your HTTP proxy up as localhost:8000 and that should send all traffic to myserver.com:8000 but over the encrypted SSH tunnel.
    Again google for ssh local port forwarding and you should find more information
    Last edited by Chillibear; 10th January 2010 at 09:38 PM.

  6. #6

    RabbieBurns's Avatar
    Join Date
    Apr 2008
    Location
    Sydney
    Posts
    5,512
    Thank Post
    1,320
    Thanked 469 Times in 306 Posts
    Blog Entries
    6
    Rep Power
    199
    IVe already got openvpn set up for complete ssl tunneling from my main computers

    I was just looking for a simple way that if i sat down at a random computer, internet cafe etc for example, i could just change the browser proxy and have a secure proxy.

    Seems I cant. No worries.

    Cheers

  7. #7


    tom_newton's Avatar
    Join Date
    Sep 2006
    Location
    Leeds
    Posts
    4,462
    Thank Post
    866
    Thanked 845 Times in 667 Posts
    Rep Power
    195
    That's correct - you can't do this reliably. Even if you could force all traffic between you and the proxy into https, you'd still have the authentication issue - preventing other people from doing the same. You could use proxy auth there I suppose - but a VPN is neater.

    You could try setting up one of the page translation proxies students use to get around web filters - they can run https, and you can reasonably easily authenticate it.

  8. #8

    RabbieBurns's Avatar
    Join Date
    Apr 2008
    Location
    Sydney
    Posts
    5,512
    Thank Post
    1,320
    Thanked 469 Times in 306 Posts
    Blog Entries
    6
    Rep Power
    199
    Quote Originally Posted by tom_newton View Post
    That's correct - you can't do this reliably. Even if you could force all traffic between you and the proxy into https, you'd still have the authentication issue - preventing other people from doing the same. You could use proxy auth there I suppose - but a VPN is neater.

    You could try setting up one of the page translation proxies students use to get around web filters - they can run https, and you can reasonably easily authenticate it.
    Ive got proxy auth all set up for squid as it is now to stop randoms from using it.

    I tried php-proxy or whatever it was but it doesnt really work very well.

    No worries.. Ill just keep it as is. Cheers for the replies

SHARE:
+ Post New Thread

Similar Threads

  1. Squid Proxy Server Keeps Stopping
    By wellscs in forum *nix
    Replies: 39
    Last Post: 17th March 2009, 02:49 PM
  2. Squid Upstream proxy
    By Lee_K_81 in forum *nix
    Replies: 14
    Last Post: 20th January 2009, 11:04 AM
  3. Replies: 1
    Last Post: 12th December 2008, 03:10 PM
  4. Squid - Transparent - HTTPS Issue
    By ahuxham in forum *nix
    Replies: 1
    Last Post: 25th May 2008, 11:04 AM
  5. Squid Transparent Proxy.
    By Jackd in forum Network and Classroom Management
    Replies: 2
    Last Post: 25th July 2007, 06:54 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •