Hi Tek, On Thu, 2007-11-08 at 13:09 +0545, Tek Bahadur Limbu wrote: > Hi Dalibor, > > Dalibor Dukic wrote: > > On Wed, 2007-11-07 at 17:15 +0545, Tek Bahadur Limbu wrote: > >> Hi Adrian, > >> > >> Adrian Chadd wrote: > >>> On Wed, Nov 07, 2007, Hemant Raj Chhetri wrote: > >>> > >>>> Hi Adrian, > >>>> I am also facing the same problem with https > >>>> sites. Yahoo works fine with me but I am having problem > >>>> with hotmail. Please advice me on how do I handle this or > >>>> is there any guide which I can refer to. > >>> I don't know of an easy way to handle this, I'm sorry. I know how I'd handle > >>> it in Squid-2.6 but it'd require a couple weeks of work and another few weeks > >>> of testing. > >> I have 2 FreeBSD-6.2 transparent Squid proxies using WCCP2 with a Cisco > >> 3620 router. Up till now, I am not facing any HTTPS problem. At least, > >> nobody is complaining about Hotmail and Yahoo web mail services. > > > > Are clients on private address space? If You NATed clients and squid on > > same address web server see just one address. > > My clients are all using public IP addresses. > > > > >>> (Considering how much of a problem this has caused people in the past I'm > >>> surprised a solution hasn't been contributed back to the project..) > >> Maybe, the solution lies on the setup of the Operating System, Squid and > >> Router itself. > > > > I don't think so. HTTPS request are not forwarded to squid box in > > web-cache service group only port HTTP. > > Yes I know that Squid does not handle HTTPS requests which leads to > another question. If HTTPS does not go through Squid, then does WCCP see > them or how does WCCP handle them if at all? > > We all know since the beginning when we started learning and using Squid > that intercepting or transparent proxy servers will cause some problems > down the way. In fact, all softwares will cause some problems. Maybe > this is one of the problems. I totally agree with You, but I think that most problems with transparent proxy-ing with WCCP lies in cisco wccp implementation. Yesterday I move redirection point to Catalyst 6506 (Version 12.2(18)SXD7bRELEASE SOFTWARE ) and for now everything looks good, even HTTPS. :) I hope it will stay like this. > In fact, I had been facing this Hotmail and Yahoo HTTPS problem with > Squid-2.5 in the past. I can't remember exactly how I got it solved. On > one occasion, routing solved the problem and in another case, a firewall > modification solved the problem. > > Maybe the problem still exists now but somehow it has not caught my > attention for which I am happy :) > > But sooner or later, I'm sure this problem will again pop up on my > proxies too and users will be banging my phone! I guess somebody or one > of us on this list has to do some really complete analysis and study > using whatever tools is required to solve this problem once and for all. > > > Thanking you... Best regards, Dalibor > > > > >> Thanking you... > >> > >> > >>> > >>> > >>> Adrian > >>> > >> > > > > > > > > > >
