Squid URL rewrite: https to http
I'm exploring some uses with Squid proxy 2.7 and I have seen a good number of examples for url rewrites that take urls such as:
http://somesitename.com
and then the rewriter can change the url to:
https://somesitename.com
And those examples work great.
What I'm wondering, though, is if it's possible to do the reverse with a Squid URL rewriter, that is, to go from https://somesitename.com to http://somesitename.com?
Simply trying to edit the script file that handles the rewrites doesn't seem to do the trick. So I was wondering if there are certain things I have to configure Squid to do first, if it's even possible to do what I am asking.
I have my browser manually set up to have squid as a proxy for all requests and I can see https requests showing up in my squid access.log file (via the CONNECT method).
Comments (1)
With Squid 2.7 you can't. With Squid 3.1 you could, but you'll break security and the browser will complain.
The point is: Squid can't see the URLs of HTTPS connections, so you can't rewrite them. Browsers use a special method to traffic HTTPS through proxies called CONNECT. In this mode, Squid only forwards bytes between the browser and the web server, but from the Squid angle they are only bytes, secured with SSL, so there is no way to see them.
Squid 3.1 has a feature called sslbump, which allows it to "open" the SSL connection by doing a man-in-the-middle attack, but the browser will detect that and you'll see a warning, obviously.
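To make the answer's point concrete, here is an added example (not code from the original post or from Squid) that reads access.log entries and reports what a URL rewriter would have to work with for each request. The log lines are constructed samples in Squid's native log layout, and the function name `visible_to_rewriter` is hypothetical.

```python
from urllib.parse import urlsplit

# Constructed sample lines in Squid's native access.log layout:
# time elapsed client code/status bytes method URL ident hierarchy/peer type
SAMPLE_LOG = """\
1300000000.123    45 192.0.2.10 TCP_MISS/200 1520 GET http://somesitename.com/account?id=7 - DIRECT/198.51.100.5 text/html
1300000001.456  9876 192.0.2.10 TCP_MISS/200 48211 CONNECT somesitename.com:443 - DIRECT/198.51.100.5 -
"""


def visible_to_rewriter(log_line):
    """Return the parts of the request the proxy saw in clear text."""
    fields = log_line.split()
    method, target = fields[5], fields[6]

    if method == "CONNECT":
        # A tunnel request names only host:port. The real URL travels
        # inside the encrypted stream, so there is no path to rewrite.
        host, _, port = target.rpartition(":")
        return {"method": method, "host": host, "port": int(port),
                "path": None, "rewritable_url": False}

    # Plain HTTP through a proxy carries the absolute URL in the request line.
    parts = urlsplit(target)
    path = parts.path or "/"
    if parts.query:
        path += "?" + parts.query
    default_port = 443 if parts.scheme == "https" else 80
    return {"method": method, "host": parts.hostname,
            "port": parts.port or default_port,
            "path": path, "rewritable_url": True}


if __name__ == "__main__":
    for line in SAMPLE_LOG.splitlines():
        print(visible_to_rewriter(line))
```
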