Gregory Maxwell wrote:
Were we to move logged-in users into SSL, all sorts of threats just go away. Of course there is the little matter of plain Squid not supporting SSL offloading like some of the commercial reverse proxy / acceleration solutions, which would have to be resolved...
As I said in my post with subject "HTTPS virtual hosting", you can use LVS to redirect HTTPS requests to wherever you like. We're using Apache as an HTTPS reverse proxy for secure.wikimedia.org, but there are plenty of other open source solutions to try if that doesn't prove to scale well enough.
-- Tim Starling