Re: [squid-users] Squid SSL Bump transparently CONNECT for another proxy

From: Antony Stone <Antony.Stone_at_squid.open.source.it>
Date: Sat, 7 Jun 2014 16:46:57 +0100

On Saturday 07 June 2014 at 14:33, Jatin Bhasin wrote:

> Hello,
>
> 1) PROXY2 is not configured to bump the traffic and I cannot remove it
> from the set up.

You don't need a bump if the client is configured to use Proxy2 as a proxy.

> 2) PROXY2 is listening on port 3128. I have to intercept proxy port
> because all the requests are going to PROXY2 on port 3128 and I have
> to bump it.

Why do you "have to bump it"?

> Currently Client is connecting to PROXY2 and I cannot change
> configuration on PROXY2 to bump the traffic neither I can remove it
> from the netwrok setup.

So, client is connecting to Proxy2 with a proxy request - Proxy2 should then
make the request and return the content. What's the problem?

> So is this all possible?

Sorry, I'm still trying to work out not whether it's posible, but why it's
necessary.

A client configured to use a proxy has been able to make SSL/HTTPS requests
for years - way before Squid's bump feature became available.

It's only when the proxy (Proxy2 in this case) is configured to intercept
traffic in transparent mode that you can't proxy HTTPS requests and have to
handle that traffic some other way, but that doesn't appear to be the
situation in your case:

 - the client is configured to use a proxy
 - Proxy2 is not running in transparent intercept mode

so again, what doesn't work, which means you need to introduce Proxy1?

Antony.

-- 
Tinned food was developed for the British Navy in 1813.
The tin opener was not invented until 1858.
                                                     Please reply to the list;
                                                           please don't CC me.
Received on Sat Jun 07 2014 - 15:47:07 MDT

This archive was generated by hypermail 2.2.0 : Sun Jun 08 2014 - 12:00:04 MDT