Gregory Maxwell wrote:
Were we to move logged in users into SSL all sorts of
threats just go
away. Of course there is the little matter of plain squid not
supporting SSL offloading like some of the commercial reverse proxy /
acceleration solutions which would have to be resolved...
As I said in my post with subject "HTTPS virtual hosting", you can use LVS
to redirect HTTPS requests to wherever you like. We're using apache as an
HTTPS reverse proxy for
secure.wikimedia.org, but there's plenty of other
open source solutions to try if that doesn't prove to scale well enough.
-- Tim Starling