I am currently using a PC (OS13.2 32bit) as gateway to the internet. It also offers DHCP and DNS for the LAN (internal). Squid is running for all HTTP requests from the LAN as a transparent proxy. So far so good.
Now I want that every internal HTTP request is taken by Squid and Squid then uses SSL to create an external SSL connection with the requested website. That means inside (LAN) I simply use HTTP and not HTTPS, no SSL. But Squid should automatically turn an internal HTTP into an external HTTPS, which would allow Squid also to act as a cache.
I found the ssl_bump directive in Squid, but all examples use SSL both internal and external. I think that would be overkill for my LAN (family LAN). Behind the gateway there is absolutely no need to use SSL.
Probably the simplest way is not to do it in Squid but in your web browser. “HTTPS Everywhere” is deployable as a plugin for FF, Chrome (family, including Chromium), Opera and if anyone reading this is running Android. https://www.eff.org/https-everywhere
With this plugin installed, anytime a URL is opened an SSL connection is first attempted; if it fails, it then falls back to the original URL without SSL.
My children use their tablets (Android) at home and they are using HTTP and not HTTPS. As I don’t know how to ensure that the Androids always use HTTPS, I would like to have a proxy in between their tablets and the wild, wild internet which uses HTTPS for everything going outside. Commercial and government criminals are peeping on all our data - so I want to make it as safe as possible. So, frankly said, I feel safer with a proxy than with a direct HTTPS connection.
If the device is a mobile OS like Android, you should look for any such software in that device’s “store.” So, for instance if your Android devices aren’t Kindle, Nook, etc. you should find a “Google Play Store” on your device (even highly modified Android sometimes also include the Play Store).
I would guess on any device or system running any of the OS I described, if you open the link I posted to the EFF, clicking on the appropriate OS logo should take you to the page or store that should install what you want.
If you want to do this in squid, you may need to ask on a squid list. Although I can envision the code required to conditionally try an HTTPS connection before falling back to HTTP (I assume you wouldn’t want to deny any website that was HTTP only), this is the kind of thing where if you created the code yourself it might be easy to overlook some kind of logic… So, if the code already exists somewhere it’d probably be already reliable.
Or, I guess if you might be an enterprising individual you could inspect the EFF plugin code and port it to your squid.
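
Added example, not part of the thread and not Squid or EFF code: a sketch of the "try HTTPS first, fall back to HTTP" logic discussed above, written as a helper for Squid's `url_rewrite_program` interface. It assumes a Squid build with TLS support that can fetch `https://` URLs itself, a helper run without concurrency (no channel-ID on input lines), and hypothetical function names (`tls_probe`, `upgrade`, `answer`).

```python
#!/usr/bin/env python3
"""Sketch of a url_rewrite_program helper: upgrade http:// to https:// when possible."""
import socket
import ssl
import sys
from urllib.parse import urlsplit, urlunsplit

_cache = {}  # host -> bool, so each site is probed once per helper lifetime


def tls_probe(host, timeout=3.0):
    """True if host:443 completes a TLS handshake with a valid certificate."""
    ctx = ssl.create_default_context()  # verifies chain and hostname
    try:
        with socket.create_connection((host, 443), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host):
                return True
    except (OSError, ValueError):  # ssl.SSLError is an OSError
        return False


def upgrade(url, probe=tls_probe):
    """Return the https:// form of url, or None to leave the request unchanged."""
    try:
        parts = urlsplit(url)
        host, port = parts.hostname, parts.port
    except ValueError:  # malformed URL or port
        return None
    # Only plain HTTP on the default port; IPv6 literals are left alone.
    if parts.scheme != "http" or not host or ":" in host or port not in (None, 80):
        return None
    if host not in _cache:
        _cache[host] = probe(host)
    if not _cache[host]:
        return None  # HTTP-only site: fall back to the original URL
    return urlunsplit(("https", host, parts.path, parts.query, ""))


def answer(line, probe=tls_probe):
    """Turn one helper input line ('URL [extras]') into one reply line."""
    fields = line.split()
    target = upgrade(fields[0], probe) if fields else None
    return f'OK rewrite-url="{target}"' if target else "ERR"


if __name__ == "__main__":
    for request in sys.stdin:
        print(answer(request), flush=True)
```

The leg between the tablets and the proxy stays cleartext in this design, and the probe only decides whether to rewrite; the certificate checks that matter for the actual fetch are the ones Squid performs on its outbound connection.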