Search squid archive

Re: WCCPv2 and HTTPS problems

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, 2007-11-07 at 12:45 +0900, Adrian Chadd wrote:
> On Tue, Nov 06, 2007, Dalibor Dukic wrote:
> > Hi,
> > 
> > I configured transparent squid box and WCCPv2 with CISCO 6k5. After some
> > time I noticed that clients have problems with HTTPS sites. If I
> > manually configure proxy setting in browser and bypass WCCP everything
> > goes OK. 
> > 
> > I'm using standard service group (web-cache). Maybe some web server
> > check that HTTP and HTTPS request are coming with same source address
> > and block HTTPS access. Clients and squid are on public addresses and
> > this requests come with different source IPs. I can't change this and
> > put clients and squid boxes behind NAT machine. :(
> > Is anyone notice that same behavior? 
> > Maybe I can setup service-group with 80 and 443 port so I can resolve
> > issues with different IPs, is this correct?
> 
> Squid doesn't currently handle transparently intercepting SSL, even for
> the situation you require above.

OK, but when I put proxy settings manually in browser even for SSL,
SQUID will just start passing data from client to server. I can't do
this with WCCP ?

> You should investigate the TPROXY Squid integration which, when combined
> with a correct WCCPv2 implementation and compatible network design,
> will allow your requests to look like they're coming from your client
> IPs.

Does  TPROXY functionality requires any modification to kernel code
especially netfilter part?   
I think this would solve the problems I facing with. I'll try this if
this is only solution and give info to group. 

> The other alternative is to write or use a very basic TCP connection proxy
> which will handle transparently intercepted connections and just connect
> to the original destination server. This will let the requests "come from"
> the same IP as the proxy.


Thnak You, Adrian 


[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux