Search squid archive

Re: WCCPv2 and HTTPS problems

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Adrian Chadd wrote:
On Wed, Nov 07, 2007, Dalibor Dukic wrote:

OK, but when I put proxy settings manually in browser even for SSL,
SQUID will just start passing data from client to server. I can't do
this with WCCP ?

No. The browser wraps up the SSL requests in a normal HTTP request ("CONNECT");
transparently intercepted SSL requests look like SSL and not like HTTP.
Squid knows about the former but not currently about the latter.

You should investigate the TPROXY Squid integration which, when combined
with a correct WCCPv2 implementation and compatible network design,
will allow your requests to look like they're coming from your client
IPs.
Does  TPROXY functionality requires any modification to kernel code
especially netfilter part?

Yes.

I think this would solve the problems I facing with. I'll try this if
this is only solution and give info to group.

Good luck!


This issue appears to be a direct interception corrollary to the SSL-bump recently sponsored for inclusion into squid3.1. Perhapse with some additional sponsorship someone with SSL experience will find the time to do the interception-tunnelling side of it.

Amos

[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux