Al - Image Hosting Services wrote:
Hi,
I seem to have created a lot of problems for myself. We are using squid
with custom written software to filter web content. Because the server
is in one location and my users are in other locations and because of
the large number of hours spent helping people setup their computers to
use the proxy, I had software written to push everything on port 80,
443, and 21 to the squid servers and to prevent people from changing the
settings. This is where I ran into problems. Both https and ftp are
filtered fine when configured in the browser, but don't work when just
pushed to the proxy though the software. Since the software runs on the
end users computers, it seems like I should be able to make ftp and
https work. Does anyone have any suggestions on how to do this?
Best Regards,
Al
The problem you face is that both FTP and HTTPS are not HTTP. They
require special wrapping protocol actions to take place in order to
transfer them over HTTP.
FTP requires that the destination URL from the browser address bar be
sent unhandled to the proxy. Unless the browser is explicitly configured
to know about the proxy it will attempt to open native FTP connections
itself. To catch those you require an FTP proxy such as frox.
HTTPS requires a special CONNECT method open a tunnel through the proxy.
After which the native SSL wrappers can be sent down it. Very tricky to
do it without affecting the SSL transport but you might be able to catch
the HTTPS and do the wrapping yourself.
Or... you could use WPAD/PAC requests sent by the browsers when they
startup. That way you can send back a PAC file automatically configuring
the browsers to use the proxy.
Worst case there you might need to catch the browser WPAD requests,
which fortunately are HTTP, and maybe control DHCP.
Amos
--
Please be using
Current Stable Squid 2.7.STABLE7 or 3.0.STABLE19
Current Beta Squid 3.1.0.14