Re: [squid-users] transparent proxy

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Wed, 01 Feb 2012 14:59:13 +1300

On 01.02.2012 12:17, jp_listero wrote:
> Hi all,
>
> I'm at opensuse 12.1 ... with his susefirewall2 ...
> I configure a transparent proxy ... all most everything works fine
> ...
> when I try to connect a https site I have different errors:
>
> from messages:
> Jan 31 21:12:26 ladificil squid[2588]: parseHttpRequest: Unsupported
> method '#026#003#001'
> Jan 31 21:12:26 ladificil squid[2588]: clientTryParseRequest: FD 16
> (192.168.1.110:1191) Invalid Request
> Jan 31 21:12:26 ladificil squid[2588]: parseHttpRequest: Unsupported
> method '#026#003#001'
>
> from access.log
> 1328051587.156 0 192.168.1.110 TCP_DENIED/400 1542 NONE NONE://
> -
> NONE/- text/html
> 1328051587.178 0 192.168.1.110 TCP_DENIED/400 1541 NONE NONE://
> -
> NONE/- text/html
>
> It's possible to work ssl connexions throw a transparent proxy ?

WPAD transparently/automatic *configured* proxies yes. Others, no.

> If I set the configuration manually at the browser, works perfect.

Of course. When the browser is aware of the proxy it uses an
HTTPS-over-HTTP protocol (via CONNECT requests). Squid supports that
HTTP request type. Port 443 uses an HTTP-over-SSL protocol designed to
prevent transparent proxies capturing the *secure* traffic.

Amos
Received on Wed Feb 01 2012 - 01:59:17 MST

This archive was generated by hypermail 2.2.0 : Wed Feb 01 2012 - 12:00:03 MST