I'm exploring some uses with Squid proxy 2.7 and I have seen a good number of examples for url rewrites that take urls such as: http: //somesitename.com and then the rewriter can change the url to: https: //somesitename.com
And those examples work great.
What I'm wondering though, is if its possible to do the reverse with a squid url rewriter. that is, to go from https: //somesitename.com to http: //somesitename.com ?
Simply trying to edit the script file that handles the rewrites doesn't seem to do the trick. So I was wondering if there are some certain things I have to configure squid to do first, if its even possible to do what I am asking.
I have my browser manually set up to have squid as a proxy for all requests and I can see https requests showing up in my squid access.log file (via the CONNECT method).
With Squid 2.7 you can't. With Squid 3.1 you could, but you'll break security and the browser will complain.
The point is: Squid can't see the URLs of HTTPS connections so you can't rewrite them. Browsers use a special method to traffic HTTPS throught proxies called CONNECT. In this mode, Squid only forward bytes between the browser and the web server, but from the Squid angle they are only bytes, secured with SSL, so there is no way to see them.
Squid 3.1 has a feature called sslbump, which allows to "open" SSL connection doing a man-in-the-middle-attach, but the browser will detect that and you'll see a warning obviously.