Discussion:
HTTPS proxy
Blaxton
2016-06-06 19:45:06 UTC
Permalink
Hi
IS ATS only HTTP proxy , or it is HTTP/HTTPS proxy.
Does ATS support other protocols , like FTP , SMTP or FTP ?
How can I set never-cache for every thing ?We only need a forward proxy with no cache and no filter.
Thanks
Reindl Harald
2016-06-06 19:49:05 UTC
Permalink
Post by Blaxton
IS ATS only HTTP proxy , or it is HTTP/HTTPS proxy.
ats perfectly supports TLS but i only can talk about a reverse-proxy and
doing TLS-offloading meaning the backend connection is unencrypted and
only ATS is responsible for TLS stuff
Post by Blaxton
Does ATS support other protocols , like FTP , SMTP or FTP ?
no
Post by Blaxton
How can I set never-cache for every thing ?
We only need a forward proxy with no cache and no filter
what is the purpose of doing this?

while i find a forward proxy in general questionable i don't find any
sense if it don't useful operations like caching and filtering and so
only increases latency for no benfit
Blaxton
2016-06-06 23:51:34 UTC
Permalink
We use forward proxy to access internet.This is to reduce number of ip addresses accessing outside on our firewall.we only open port for proxy server ip address rather than putting hole for each client.
no need for cache data since data changes all the time and it might confuse applications as well.
So we can use HTTP proxy to pass through but end to end can be encrypted using HTTPS ?



From: Reindl Harald <***@thelounge.net>
To: ***@trafficserver.apache.org
Sent: Monday, June 6, 2016 2:49 PM
Subject: Re: HTTPS proxy
Post by Blaxton
IS ATS only HTTP proxy , or it is HTTP/HTTPS proxy.
ats perfectly supports TLS but i only can talk about a reverse-proxy and
doing TLS-offloading meaning the backend connection is unencrypted and
only ATS is responsible for TLS stuff
Post by Blaxton
Does ATS support other protocols , like FTP , SMTP or FTP ?
no
Post by Blaxton
How can I set never-cache for every thing ?
We only need a forward proxy with no cache and no filter
what is the purpose of doing this?

while i find a forward proxy in general questionable i don't find any
sense if it don't useful operations like caching and filtering and so
only increases latency for no benfit
Leif Hedstrom
2016-06-07 01:40:53 UTC
Permalink
Post by Blaxton
So we can use HTTP proxy to pass through but end to end can be encrypted using HTTPS ?
ATS supports the CONNECT method, for blind tunneling of HTTPS. Your clients will have to be configured to use the ATS boxes for HTTPS as well as HTTP proxy.

— Leif
Blaxton
2016-06-07 17:39:33 UTC
Permalink
For blind tunneling, Is there going to be two ports LISTENING on ATS, one for HTTP and one for HTTPS and blind tunneling to provide connect method ?or both connect method and HTTP connection can be served with one port.
And we need to know if we can disable cache for every thing.
Thanks  

From: Leif Hedstrom <***@apache.org>
To: ***@trafficserver.apache.org; Blaxton <***@yahoo.com>
Sent: Monday, June 6, 2016 8:40 PM
Subject: Re: HTTPS proxy



On Jun 6, 2016, at 5:51 PM, Blaxton <***@yahoo.com> wrote:


So we can use HTTP proxy to pass through but end to end can be encrypted using HTTPS ?

ATS supports the CONNECT method, for blind tunneling of HTTPS. Your clients will have to be configured to use the ATS boxes for HTTPS as well as HTTP proxy.
— Leif
Leif Hedstrom
2016-06-07 18:08:02 UTC
Permalink
Post by Blaxton
For blind tunneling, Is there going to be two ports LISTENING on ATS, one for HTTP and one for HTTPS and blind tunneling to provide connect method ?
or both connect method and HTTP connection can be served with one port.
No, one port (typically 8080, but doesn’t really matter). Most browsers until recently do not support CONNECT over HTTPS, i.e. it has to be over non-TLS. I think Chrome and Firefox have added support for doing CONNECT tunneling over HTTPS, which hides the hostname from pervasive monitoring.

— leif
gksalil
2017-03-09 06:46:36 UTC
Permalink
So what is the basic settings required for ATS to support CONNECT method.
I am also facing the same problem. My requirement is to configure ATS as a
forward proxy to support both HTTP and HTTPS origin servers.
Do I need to keep the certificate(s) of origin servers if I need to forward
packets to https servers ?





--
View this message in context: http://apache-traffic-server.24303.n7.nabble.com/HTTPS-proxy-tp2413p3030.html
Sent from the Apache Traffic Server mailing list archive at Nabble.com.
Continue reading on narkive:
Loading...