On 13/05/11 06:40, troxlinux wrote:
Hi list, I have the following problem in my centos 5.6, I am using it
for proxy and filter of content with they squid+havp+dansguardian, the
server has one network card and I cannot put another one, I do not
have slot pci, I cannot put it in transparent way, all the clients
proxy has manual, the detail is that when I acces to pages like
hotmail, gmail etc etc does not open the sites with https
my diagram is
pc Lan ===dansguardian port 8080 + squid 3128 localhost + havp 8090
I have open port in my firewall 8080 , but the problem is when access
a pages with https not load
this is mi log in squid
172.16.9.171 TCP_MISS/200 340 GET http://www.hotmail.com -
DEFAULT_PARENT/127.0.0.1 text/html
any idea?
Versions would be helpful.
Your log show a success (status 200) reply using HTTP protocol.
The only thing strange is that "http://www.hotmail.com"; always replies
with a 302 redirect for me, never 200.
This 200 response is coming out of HavP (127.0.0.1). Whether it is
casued there or at the origin we can't tell yet.
HTTPS uses CONNECT requests. CONNECT only send the domain:port or
IP:port for the URL, and will always have unknown (infinite) body size
for both request and reply. So be extra careful about what filters you
try an make them pass in DG and HavP.
Squid will attempt to open a direct TCP connection (bypassing havp)
and pass the SSL encrypted data down it unless you configure
"nonhierarchichal_direct off".
Amos
--
Please be using
Current Stable Squid 2.7.STABLE9 or 3.1.12
Beta testers wanted for 3.2.0.7 and 3.1.12.1
