On Wed, 7 Nov 2007 12:45:11 +0900
Adrian Chadd <adrian@xxxxxxxxxxxxxxx> wrote:
On Tue, Nov 06, 2007, Dalibor Dukic wrote:
Hi,
I configured transparent squid box and WCCPv2 with CISCO
6k5. After some
time I noticed that clients have problems with HTTPS
sites. If I
manually configure proxy setting in browser and bypass
WCCP everything
goes OK.
I'm using standard service group (web-cache). Maybe some
web server
check that HTTP and HTTPS request are coming with same
source address
and block HTTPS access. Clients and squid are on public
addresses and
this requests come with different source IPs. I can't
change this and
put clients and squid boxes behind NAT machine. :(
Is anyone notice that same behavior?
Maybe I can setup service-group with 80 and 443 port so
I can resolve
issues with different IPs, is this correct?
Squid doesn't currently handle transparently
intercepting SSL, even for
the situation you require above.
You should investigate the TPROXY Squid integration
which, when combined
with a correct WCCPv2 implementation and compatible
network design,
will allow your requests to look like they're coming
from your client
IPs.
The other alternative is to write or use a very basic
TCP connection proxy
which will handle transparently intercepted connections
and just connect
to the original destination server. This will let the
requests "come from"
the same IP as the proxy.
(Yes, I've done the above in the lab and verified the
concept works fine.)
Adrian
--
- Xenion - http://www.xenion.com.au/ - VPS Hosting -
Commercial Squid Support -
- $25/pm entry-level VPSes w/ capped bandwidth charges
available in WA -
Hi Adrian,
I am also facing the same problem with https
sites. Yahoo works fine with me but I am having problem
with hotmail. Please advice me on how do I handle this or
is there any guide which I can refer to.
Thanking you,
Hemant.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
This footer space is available to carry your advertisements unobtrusively. Please contact 02-3226999 or email webmaster@xxxxxxxxxx for advertisement programs available.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
