Search squid archive

Re: CONNECT method support(for https) using squid3.1.0.6 + tproxy4

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



> Hi, all
>
> Now, I evaluate the squid3.1.0.6 + tproxy4 environment like the
> following network.
>
>             (1)                     (2)
>
>              |                       |
>   +------+   |     +------------+    |    +---------+
>   |WWW   +---+     |            |    +----+ WWW     |
>   |Client|.2 |   .1| squid      |.1  |  .2|  Server |
>   +------+   +-----+   + tproxy +----+    |(tcp/443)|
>              |     | (tcp/8080) |    |    |(tcp/80) |
>              |     +------------+    |    +---------+
>        192.168.0.0/24          10.0.0.0/24
>
>   (1) 192.168.0.2 ------>  192.168.0.1:8080
>   (2) 192.168.0.2 ------>  10.0.0.2:80
>
> HTTP communication is completely OK !
> but in HTTPS(using CONNECT method) case
>
>   (1) 192.168.0.2 ------>  192.168.0.1:8080
>   (2) 192.168.0.2 ------>  10.0.0.2:443
>                                     ^^^^
> the following error occurred.
>
>> commBind: Cannot bind socket FD 12 to 192.168.0.2: (99) Cannot
>>           assign requested address
>
> I think that tunnelStart()#tunnel.cc don't support "COMM_TRANSPARENT"
>
>> tunnelStart(ClientHttpRequest * http, int64_t * size_ptr, int*
>> status_ptr)
>> {
>>  ... snip ...
>>    sock = comm_openex(SOCK_STREAM,
>>                       IPPROTO_TCP,
>>                       temp,
>>                       COMM_NONBLOCKING,  // need COMM_TRANSPARENT
>>                       getOutgoingTOS(request),
>>                       url);
>>  ... snip ...
>
> What do you think ?

HTTPS encrypted traffic cannot be intercepted.

Amos



[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux