LinuxQuestions.org
LinuxAnswers - the LQ Linux tutorial section.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 06-26-2009, 10:01 AM   #1
EricTRA
Guru
 
Registered: May 2009
Location: Gibraltar, Gibraltar
Distribution: Fedora 20 with Awesome WM
Posts: 6,805
Blog Entries: 1

Rep: Reputation: 1291Reputation: 1291Reputation: 1291Reputation: 1291Reputation: 1291Reputation: 1291Reputation: 1291Reputation: 1291Reputation: 1291
Reverse proxy using SQUID but only SSL connections


Hello all,

I'm confronted with the following issue:

I have about 8 web applications running on our intranet, some http and a few https. They are not accessible from the outside world and I need to change that for most of those applications. Of course I prefer to do this in the most secure way possible, not just configuring a firewall and putting the server on the WWW for every one to see. So I've been 'sniffing' around on LinuxQuestions and other forums and have been trying out Squid3. I've got it running in a test environment on our intranet to see if it forwards correctly and it does for the http sites. Regarding the configuration of https on the proxy I'm in the dark, so I would like to ask if there's a kind soul (or more than one) on this forum that can help me out, since I'm new to Squid.

Want I would like to do, if possible is the following:

I'll include the necessary directions in DNS so that the sites are available as subdomains on our domain name on https (443).

Our co-workers will access those https://subdomain.domain.com which will get directed to our external IP and subsequently will arrive at our firewall.

The firewall will be configured to forward those connections to the Squid machine which will be in DMZ.

Then Squid should only allow ssl connections and drop all others, also block all other ports, and forward the subdomains to the correct 'origin' server, being https or http. If needed I can add https access to the http only sites.

I also would like to use some kind of authentication, preferable using certificate/password or something.

I hope there's someone here who can help me out with this. BTW, I have Squid installed on a Debian 64-bit OS.

Any help is greatly appreciated.

Kind regards,

Eric
 
Old 07-01-2009, 08:24 AM   #2
EricTRA
Guru
 
Registered: May 2009
Location: Gibraltar, Gibraltar
Distribution: Fedora 20 with Awesome WM
Posts: 6,805
Blog Entries: 1

Original Poster
Rep: Reputation: 1291Reputation: 1291Reputation: 1291Reputation: 1291Reputation: 1291Reputation: 1291Reputation: 1291Reputation: 1291Reputation: 1291
Hello,

I stepped away from Squid and got what I want using Pound, which IMHO is a lot easier to configure and does exactly what I need.

Kind regards,

Eric
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Apache2 SSL Reverse Proxy doublejoon Linux - Networking 4 08-04-2011 10:29 AM
squid reverse proxy configuration with ssl gogga Linux - Server 0 09-12-2008 09:29 AM
Squid 2.6 Reverse Proxy from Squid(3128) to OrginServer(80) Not working rraj Linux - Server 0 06-06-2008 03:29 PM
Squid 2.5 Reverse Proxy with SSL jonfa Linux - Networking 1 04-29-2008 05:17 PM
Squid reverse proxy with SSL jonfa Linux - Networking 1 02-05-2007 08:07 PM


All times are GMT -5. The time now is 05:38 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration