squid and https passthrough

Discussion in 'Installation/Configuration' started by Xitron, Nov 5, 2009.

  1. Xitron

    Xitron New Member


    I've been tasked with putting squid up as a reverse proxy for httpd acceleration, and have a question about https.

    The apache server I'll be proxying as a learning tool - a development machine - has many Rewrite rules turned on, primarily to force http --> https for PCI compliance. Because of all of these rules, if I turn on squid with https and a certificate on board, it could cause a loop of sorts with an argument between the rewrite rules on the apache side, vs. the https and cert on the proxy. The only way I know to avoid this is to take out all the rewrite rules on the apache side, and let the proxy handle all https, passing in http to the actual apache server. The problem with that is that until the DNS change propagates to the internet, those going to the original IP address would go straight to the apache server, with no forced http --> https, which would break my PCI compliance. Especially when I start doing this on production machines which are similarly laid out.

    What I'd like to know is if there is a way for the proxy to do simple passthrough of https requests to the apache server, without trying to decrypt them? If so, I could make the DNS change, wait a couple of weeks for full propagation, and then turn on https on the proxy and turn it off on the apache.

    Please let me know if better info is needed to answer this question, or if I need to state it differently to make it more clear.


    Unca Xitron

Share This Page