Re: [squid-users] HTTPS CONNECT issue

From: Joe Cooper <joe@dont-contact.us>
Date: Wed, 09 Jan 2002 10:08:45 -0600

Francis Turner wrote:

> Robert Collins wrote:
>
> > ----- Original Message -----
> <snip>
> > See the Squid FAQ, look for "I'm behind a firewall". (hint: never_direct
> > is your friend.)
> >
>
> Thanks. I looked at that and got confused.
>
> Note that I already have the setup correct for HTTP. That is to say HTTP
> requests are correctly transparently cached/proxied by squid and then
> forwarded to the upstream firewall/proxy if necessary.
>
> Bear with me please while I try and understand this.
>
> What I think my config is doing is transparently caching and proxying
> port 80 only. So therefore port 443 is passed through untouched.
>
> If I want port 443 to be proxied transparently I have to add another
> httpd_accel_port line as well? [I tried this and it breaks the
> transparent proxy completely even for regular http]
>
> Then as well as that I also need to add a couple of lines like
> never_direct deny localnet localhost
> never_direct allow all
>
> which should be placed below the "http_access deny all" line?
> I have also tried this with and without the above httpd_accel_port
> change and https doesn't work.

Robert missed the bit of your first post about transparent redirection
(or he mentally blocked it out, as interception proxying gives him fits
;-). You cannot transparently redirect SSL packets to Squid--it doesn't
know what to do with them. It will not work.

If you were using any form of traditional proxying, Robert's FAQ pointer
would be quite sound advice, and you probably wouldn't be having this
trouble.

-- 
Joe Cooper <joe@swelltech.com>
http://www.swelltech.com
Web Caching Appliances and Support
Received on Wed Jan 09 2002 - 09:07:43 MST
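
Why interception fails where a configured proxy works, as an added example (not part of the original message and not Squid's code): a browser that has been told about the proxy sends a plaintext CONNECT request, while port 443 traffic redirected at the network level begins with raw SSL/TLS handshake bytes that an HTTP parser cannot read. The function names and sample byte strings are constructed for illustration.

```python
"""Classify the first bytes that arrive on an HTTP proxy port."""

HTTP_METHODS = (b"GET", b"POST", b"HEAD", b"PUT", b"DELETE", b"OPTIONS", b"TRACE")

# Constructed samples: what the proxy port receives in each deployment.
EXPLICIT = b"CONNECT www.example.com:443 HTTP/1.0\r\nUser-Agent: sample\r\n\r\n"
INTERCEPTED = bytes.fromhex("160301002f0100002b0301")  # TLS record + ClientHello start
PLAIN = b"GET /index.html HTTP/1.0\r\nHost: www.example.com\r\n\r\n"


def classify_first_bytes(data: bytes) -> str:
    """Say what kind of traffic an HTTP listener is looking at."""
    # SSLv3/TLS record header: content type 0x16 (handshake), major version 0x03.
    if len(data) >= 3 and data[0] == 0x16 and data[1] == 0x03:
        return "tls-handshake"
    # SSLv2-style hello: high bit set in the length field, message type 0x01.
    if len(data) >= 3 and data[0] & 0x80 and data[2] == 0x01:
        return "sslv2-hello"
    # Otherwise look for an HTTP request line: METHOD SP target SP HTTP/x.y
    parts = data.split(b"\r\n", 1)[0].split(b" ")
    if len(parts) == 3 and parts[2].startswith(b"HTTP/"):
        if parts[0] == b"CONNECT":
            return "http-connect"
        if parts[0] in HTTP_METHODS:
            return "http-request"
    return "unknown"


def connect_target(data: bytes):
    """Return (host, port) from a CONNECT request line, or None.

    Only an explicit-proxy client states the destination in plaintext;
    intercepted SSL bytes carry nothing an HTTP parser can use.
    """
    if classify_first_bytes(data) != "http-connect":
        return None
    authority = data.split(b" ", 2)[1]
    host, _, port = authority.rpartition(b":")
    if not host or not port.isdigit():
        return None
    return host.decode("ascii"), int(port)


if __name__ == "__main__":
    for name, sample in (("explicit", EXPLICIT), ("intercepted", INTERCEPTED), ("plain", PLAIN)):
        print(name, classify_first_bytes(sample), connect_target(sample))
```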
