-1

I'd like to configure Squid 3.5 (or anything else that could do the job) to act as both a reverse proxy and a forward proxy on the same port.

Leaving a port in the default forward proxy mode makes Squid return an error, when receiving a GET / request, as it expects to see a protocol and hostname. Configuring it in the accel reverse proxy mode makes it not support the CONNECT method.

I see that older versions of Squid had a httpd_accel_with_proxy config option, but it's deprecated now. I've also tried adding the protocol and hostname to requests that begin with / using the url_rewrite_program config option, but Squid appears to check url validity before rewriting them.

kranklis
  • 1
    Why do you want to do this? Typically a forward proxy is used to cache or restrict internet traffic, outgoing requests. A reverse proxy is usually used to cache incoming requests, or load balance across many servers. They're different functions, often on different servers, and are quite different functions. Why do you need them on the same server / port? – Tim Feb 24 '19 at 21:25
  • @Tim I want to make a forward proxy on the https port to hide my origin from websites and my destination from local network eavesdroppers. But I'd also like for it to appear as a web host, not a proxy, to said eavesdroppers and bots scanning well known ports. – kranklis Feb 24 '19 at 21:40
  • 1
    I'm not sure your approach is viable. I suggest a better approach would be to ask another question that more clearly outlines your desired end result, including why you want to do this, and ask the community for suggestions. – Tim Feb 24 '19 at 21:45
  • That's not how you do it. You don't make a "reverse proxy", you implement access control. – Michael Hampton Feb 24 '19 at 22:15
  • @MichaelHampton Care to elaborate? I have access control lists. The domain I want my proxy to appear to be hosting is in the first acl, which is allowed `http_access`. To reach anything else, you need to be in the `authenticated_users` acl. That doesn't make a port in forward proxy mode understand `GET /` as `GET http://not-a-proxy.example.com/` – kranklis Feb 24 '19 at 22:30
  • You should not be trying to make a reverse proxy appear to be hosting anything at all! – Michael Hampton Feb 24 '19 at 23:46
  • @MichaelHampton I guess I could have phrased it better. My goal is to make my forward proxy appear to be hosting a website. To that end, I wanted it to also act as a reverse proxy on the same port I would be using for forward proxying. – kranklis Feb 24 '19 at 23:57
  • I understood, the point is that you should not be trying to do that. – Michael Hampton Feb 25 '19 at 00:43
  • @MichaelHampton and could you please explain what makes you say that? – kranklis Feb 25 '19 at 00:50

1 Answer

0

To answer my own question, Apache's mod_proxy and its submodule mod_proxy_connect suit my needs perfectly. You can turn any virtual host into a forward proxy with SSL and authentication.

Even if you don't want your proxy to appear as a web server, if you just want a forward proxy, I'd say it's easier to set up than Squid, considering that doesn't support SSL out of the box.

kranklis
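
A minimal virtual host of the kind the answer describes, as an added example that is not the answerer's own configuration. The host name is the one used in the comments above; the document root, certificate paths, realm and password file location are assumptions.

```apache
# Added example; paths and realm are placeholders (assumptions).
# Required modules: mod_ssl, mod_proxy, mod_proxy_http, mod_proxy_connect,
#                   mod_auth_basic, mod_authn_file, mod_authz_user

<VirtualHost *:443>
    ServerName not-a-proxy.example.com

    # Ordinary origin-form requests (GET / ...) are served from here,
    # exactly as on any other web host.
    DocumentRoot "/var/www/not-a-proxy"
    <Directory "/var/www/not-a-proxy">
        Require all granted
    </Directory>

    SSLEngine on
    SSLCertificateFile    "/etc/ssl/certs/not-a-proxy.example.com.pem"
    SSLCertificateKeyFile "/etc/ssl/private/not-a-proxy.example.com.key"

    # Forward proxying: absolute-URI requests go through mod_proxy,
    # CONNECT requests through mod_proxy_connect.
    ProxyRequests On
    ProxyVia Off

    # Restrict CONNECT tunnels to the TLS port only.
    AllowCONNECT 443

    # Do not leave the forward proxy open: every proxied request
    # must authenticate against the password file.
    <Proxy "*">
        AuthType Basic
        AuthName "Restricted"
        AuthBasicProvider file
        AuthUserFile "/etc/apache2/proxy.htpasswd"
        Require valid-user
    </Proxy>
</VirtualHost>
```

The `<Proxy "*">` block applies only to proxied requests, so the site under `DocumentRoot` stays publicly readable while proxy use requires credentials.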