
RE: HTTPS traffic not being forwarded to upstream proxy.


> -----Original Message-----
> From: squid user [mailto:squid_user@xxxxxxxxxxxxx]
> Sent: Wednesday, February 01, 2006 7:27 AM
> To: mark.elsen@xxxxxxxxx
> Cc: squid-users@xxxxxxxxxxxxxxx
> Subject: Re:  HTTPS traffic not being forwarded 
> to upstream
> proxy.
> 
> >On 2/1/06, squid user <squid_user@xxxxxxxxxxxxx> wrote:
> > > Hi,
> > >
> > > I have a Squid 2.5 stable 11 proxy forwarding traffic to 
> > > an upstream proxy
> > > based on domain. This works fine for HTTP traffic, but 
> > > HTTPS traffic is
> > > flowing directly from the downstream proxy to the internet.
> > >
> > > Would anyone give me any pointers as to an access list or 
> > > other strategy I
> > > can use to ensure that HTTPS traffic flows to the 
> > > upstream proxy? Here's
> > > what I have at the moment...
> > >
> > > acl forwardTraffic dstdomain .co.uk
> > > cache_peer 172.21.118.118 parent 3128 0 proxy-only no-query
> > > cache_peer_access 172.21.118.118 allow forwardTraffic
> >^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> >
> >Try changing the above line into :
> >
> >           never_direct allow forwardTraffic
> >
> > > cache_peer_access 172.21.118.118 deny all
> > >

Not such a good idea.  Now you are saying that .co.uk can't go direct (fine) but that no requests can use the cache_peer (whoops).  Hence the problem seen below...

> >
> >  M.
>
> 
> Hi Mark,
> 
> Thanks for getting back to me, but unfortunately that didn't work.
> 
> On the browser I see:
> 
> "The following error was encountered:
> 
>     * Unable to forward this request at this time.
> 
> This request could not be forwarded to the origin server or 
> to any parent 
> caches. The most likely cause for this error is that:
> 
>     * The cache administrator does not allow this cache to 
> make direct 
> connections to origin servers, and
>     * All configured parent caches are currently unreachable."
> 
> And in the squid log I see, using ebay.co.uk for example...
> 
> Failed to select source for 'http://www.ebay.co.uk'
> always_direct = 0
> never_direct = 1
> timed_out = 0
> 
> Cheers
> 
> SU
> 
> 

I'd say either add the never_direct line to what you have (cache_peer_access) or get rid of the cache_peer_access lines, and ONLY have the never_direct.  Otherwise, if you want to direct ALL SSL traffic through your parent cache, "cache_peer_access 172.21.118.118 allow CONNECT" will do it.

Chris 
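
Added example, not part of either poster's message: the original configuration with the `never_direct` line added alongside the `cache_peer_access` rules, plus the CONNECT variant as comments. It assumes the `all` and `CONNECT` ACLs are defined as in the stock squid.conf; pairing `never_direct allow CONNECT` with the CONNECT variant is an assumption of this example.

```conf
# Assumed from the stock squid.conf (not shown in the thread):
#   acl all src 0.0.0.0/0.0.0.0
#   acl CONNECT method CONNECT

acl forwardTraffic dstdomain .co.uk
cache_peer 172.21.118.118 parent 3128 0 proxy-only no-query

# Which requests MAY use the parent. Keep both lines: if the "allow" line
# is replaced by never_direct, only "deny all" remains, nothing may use the
# parent, and Squid answers "Unable to forward this request at this time".
cache_peer_access 172.21.118.118 allow forwardTraffic
cache_peer_access 172.21.118.118 deny all

# Which requests may NOT go direct. CONNECT (HTTPS) requests are treated
# as non-hierarchical and prefer going direct by default, so without this
# line they bypass the parent even though cache_peer_access allows it.
never_direct allow forwardTraffic

# Variant: send ALL HTTPS tunnels through the parent, whatever the domain.
# The allow line must sit above "deny all".
#   cache_peer_access 172.21.118.118 allow CONNECT
#   never_direct allow CONNECT      # assumption of this example

# Check after "squid -k reconfigure": a CONNECT entry in access.log whose
# hierarchy field starts with DIRECT/ still bypassed the parent.
```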

