Re: [squid-users] WCCPv2 and HTTPS problems

From: Hemant Raj Chhetri <hemant@dont-contact.us>
Date: Wed, 07 Nov 2007 10:15:46 +0600

On Wed, 7 Nov 2007 12:45:11 +0900
  Adrian Chadd <adrian@creative.net.au> wrote:
> On Tue, Nov 06, 2007, Dalibor Dukic wrote:
>> Hi,
>>
>> I configured a transparent squid box and WCCPv2 with a CISCO 6k5. After some
>> time I noticed that clients have problems with HTTPS sites. If I
>> manually configure the proxy setting in the browser and bypass WCCP, everything
>> goes OK.
>>
>> I'm using the standard service group (web-cache). Maybe some web servers
>> check that HTTP and HTTPS requests are coming from the same source address
>> and block HTTPS access. Clients and squid are on public addresses and
>> these requests come with different source IPs. I can't change this and
>> put the clients and squid boxes behind a NAT machine. :(
>> Has anyone noticed the same behavior?
>> Maybe I can set up a service group with ports 80 and 443 so I can resolve
>> the issues with different IPs, is this correct?
>
> Squid doesn't currently handle transparently intercepting SSL, even for
> the situation you require above.
>
> You should investigate the TPROXY Squid integration which, when combined
> with a correct WCCPv2 implementation and compatible network design,
> will allow your requests to look like they're coming from your client
> IPs.
>
> The other alternative is to write or use a very basic TCP connection proxy
> which will handle transparently intercepted connections and just connect
> to the original destination server. This will let the requests "come from"
> the same IP as the proxy.
>
> (Yes, I've done the above in the lab and verified the concept works fine.)
>
>
>
> Adrian
>
> --
> - Xenion - http://www.xenion.com.au/ - VPS Hosting - Commercial Squid Support -
> - $25/pm entry-level VPSes w/ capped bandwidth charges available in WA -

Hi Adrian,

I am also facing the same problem with https sites. Yahoo works fine for me
but I am having problems with Hotmail. Please advise me on how to handle this,
or whether there is any guide I can refer to.

Thanking you,
Hemant.
Received on Tue Nov 06 2007 - 21:16:11 MST
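
The second alternative described in the quoted reply (a basic TCP proxy that connects intercepted connections to their original destination), as an added example that is not part of the original thread and not Squid code. It assumes a Linux host where WCCP-delivered port 443 traffic is sent by a netfilter REDIRECT rule to the hypothetical port 3129; the function names are illustrative.

```python
import select
import socket
import struct
import threading

SO_ORIGINAL_DST = 80   # from <linux/netfilter_ipv4.h>
LISTEN_PORT = 3129     # assumption: port the 443 REDIRECT rule points at

def parse_sockaddr_in(raw):
    """Decode a struct sockaddr_in into (ip, port)."""
    port = struct.unpack_from("!H", raw, 2)[0]   # sin_port, network order
    return socket.inet_ntoa(raw[4:8]), port      # sin_addr

def original_dst(conn):
    # Ask netfilter for the pre-REDIRECT destination (IPPROTO_IP == SOL_IP == 0).
    return parse_sockaddr_in(conn.getsockopt(socket.IPPROTO_IP, SO_ORIGINAL_DST, 16))

def relay(a, b):
    """Copy bytes both ways until either side closes; TLS is never decrypted."""
    peer = {a: b, b: a}
    try:
        while True:
            for src in select.select([a, b], [], [])[0]:
                data = src.recv(65536)
                if not data:
                    return
                peer[src].sendall(data)
    except OSError:
        pass
    finally:
        a.close()
        b.close()

def handle(conn):
    try:
        dst = original_dst(conn)
        if dst == conn.getsockname():   # direct hit on our port: would loop
            raise OSError("not an intercepted connection")
        upstream = socket.create_connection(dst, timeout=10)
    except OSError:
        conn.close()
        return
    upstream.settimeout(None)
    relay(conn, upstream)

if __name__ == "__main__":
    srv = socket.create_server(("0.0.0.0", LISTEN_PORT))
    while True:
        client, _ = srv.accept()
        threading.Thread(target=handle, args=(client,), daemon=True).start()
```

Because the relay connects out from the proxy's own address, the HTTPS connection reaches the server from the same IP as the HTTP requests Squid makes, and the TLS session stays end to end between browser and server.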

This archive was generated by hypermail pre-2.1.9 : Sat Dec 01 2007 - 12:00:02 MST