I've been searching the forums for a solution to this but the info is a little sketchy. I run an SSL enabled webserver behind ASL. It only listens on port 8443 for ssl web traffic. I have the Packet and DNAT rules set to forward traffic to my web server and it all works well. I'd like to have ASLs proxy (Squid) receive requests and forward them to the internal webserver like the SMTP proxy does. It would simply listen on port 8443 and proxy traffic to an internal address on that same port without any caching. Can the squid.conf be adjusted to do this? If so, how. Many thanks in advance. I used to poo poo the idea of a reverse proxy for http, but now that I have a web server, I'm not so brave.
OK, you want to "proxy" inbound traffic using the squid proxy, but with no caching, to an internal webserver?
Without all background info, simplest solution in my mind (that I happen to run myself) is to
1) create DNAT rule for (with service definition of secweb = TCP 8443 , network definition webserver = internal ip) All inbound dest eth1 protocol secweb, change dest to webserver 2) create packet rule for From Any to webserver allow secweb
Weren't you running something like this for the internal network to reach your webserver? This is proxying in its simplest form, I mean why add the additional complexity of squid on the ASL box for the simple purpose of allowing access to your internal webserver, when you don't want the caching? You're doing cert validation and connection logging on your webserver, right?
That's the setup I have now. Simple port forwarding. I was hoping to use the squid proxy to "stand in the way" of protocol violations like the SMTP proxy does. It should proxy the request not just forward port traffic. For instance. If I telnet to port 8443 on my domain, it just passes that traffic to the webserver. With squid in the way, it wouldn't pass that telnet:8443 traffic to the webserver since it isn't http or https traffic. Am I mistaken here?
That's the setup I have now. Simple port forwarding. I was hoping to use the squid proxy to "stand in the way" of protocol violations like the SMTP proxy does. It should proxy the request not just forward port traffic. For instance. If I telnet to port 8443 on my domain, it just passes that traffic to the webserver. With squid in the way, it wouldn't pass that telnet:8443 traffic to the webserver since it isn't http or https traffic. Am I mistaken here?
