If your Reflection for the Web shopper computer systems reside in a community that uses an HTTPS proxy server, a safe Reflection for the Web terminal session may either be capable to pass by way of the HTTPS proxy, or might should bypass the HTTPS proxy, relying on a number of elements. While HTTPS design efforts have been centered on finish-to-finish communication, it could also be good to be able to encrypt the browser-to-proxy connection (with out creating a CONNECT tunnel that blocks Squid from accessing and caching content material).
It is feasible to intercept an HTTPS connection to an origin server at Squid’s https_port This could also be useful in surrogate (aka, http accelerator, reverse proxy) environments, but limited to situations the place Squid can represent the origin server using that origin server SSL certificates.
Once you could have decided whether Reflection ought to bypass or move via the HTTPS proxy server, and whether or not to configure these settings by way of the browser or via the session net page, observe the instructions below to make the required modifications to your set up.
TBD: Document what occurs of Squid does intercept a CONNECT request, both as a result of Squid was misconfigured to intercept site visitors destined to a different proxy OR because a presumably malicious client despatched a handmade CONNECT request understanding that it will be intercepted.
If your HTTPS proxy server makes use of a distinct authentication scheme (resembling Microsoft NTLM Challenge/Response authentication), safe Reflection for the Web classes can be unable to go through the HTTPS proxy server and you’ll need to bypass the HTTPS proxy.