As a common proxy server software in the field of network security, Squid is widely used in many enterprises and individual users. However, there are many first contact Squid friends are always confused by the question: Squid proxy using what tunnel? Today, we will unveil this mystery and explore the tunneling technology of the Squid proxy.
I. HTTP Tunneling
First, let's introduce the most common tunneling technique in Squid proxies - HTTP tunneling.
With the rapid development of the Internet, the HTTPS protocol has gradually become the mainstream protocol for network communication. However, since the data in the HTTPS protocol is encrypted, traditional HTTP proxies are unable to directly parse and forward this data. To address this problem, Squid introduces HTTP tunneling technology.
HTTP Tunneling allows the Squid proxy server to establish a tunnel with the target server via the HTTP protocol and forward the encrypted data sent by the client to the target server as is. In this way, the Squid proxy does not need to decrypt the HTTPS data to be able to process it properly and forward it to the client. This enables the Squid proxy to support the HTTPS protocol.
II. SOCKS tunneling technology
In addition to HTTP tunneling, the Squid proxy supports another tunneling technology, SOCKS tunneling.
Unlike HTTP tunneling, SOCKS tunneling is a general-purpose tunneling technology that supports not only the HTTP protocol, but also other common application-layer protocols, such as FTP, SMTP, and so on.
Using SOCKS tunneling technology, the Squid proxy can forward client requests to the target server via the SOCKS protocol. Because the SOCKS protocol is more generalized, the Squid proxy does not need to care about specific application layer protocols when forwarding these requests, and only needs to follow the requirements of the SOCKS protocol for data transmission.
III. Code examples
In order to better understand and apply the tunneling technology of the Squid proxy, we give some sample code below.
1. HTTP tunneling technology code example:
http_port 8080
http_access allow all
acl SSL_ports port 443
acl CONNECT method CONNECT
http_access deny CONNECT !SSL_ports
http_access deny all
cache_peer proxy.example.com parent 8080 0 no-query default
never_direct allow all
ssl_bump none localhost
sslproxy_cert_error allow all
sslproxy_flags DONT_VERIFY_PEER
2. SOCKS tunneling technology code example:
http_port 8080
http_access allow all
acl SSL_ports port 443
acl CONNECT method CONNECT
http_access deny CONNECT !SSL_ports
http_access deny all
cache_peer proxy.example.com parent 8080 0 no-query default
never_direct allow all
acl CONNECT_WITH_SOCKS dst_port 1080
tcp_outgoing_address proxy.example.com CONNECT_WITH_SOCKS
With the above sample code, you can learn how to configure the Squid proxy server to implement HTTP tunneling and SOCKS tunneling technology.
put at the end
Through this article on the tunneling technology used by the Squid proxy to explain in detail, I believe you have a deeper understanding of the tunneling technology of the Squid proxy. Whether it is HTTP tunneling technology or SOCKS tunneling technology, they all bring greater flexibility and functionality for the Squid proxy scalability. I hope that the introduction of this article can help you better use and configure the Squid proxy. On the road to network security, let the Squid proxy become your indispensable right-hand man!