Search squid archive

Re: SSL sites bypass authentication

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 19.03.2012 07:35, Amos Jeffries wrote:
> Tried the current 3.1.19 release?
> 
> Is the second HTTPS request even going through the proxy?
> 
> What is the rest of the config look like?
> The partial piece of config you posted has no holes which this could be
> using.
> 
> Amos
Hi,

Thank you for your response.
You are right that the https requests are not going through the proxy. I
can confirm with tcpdump that the traffic to the https sites is going
directly. In the access logs there are many TCP_DENIED messages at the
same time to some http addresses, which seem to be links in the https
site. It seems if client refuses authentication and he tries to open
https site he can open it directly, but if there are any http links in
the sites they go through the proxy and are denied. Also this seems not
to be a browser problem as I can confirm the same behavior with firefox
and opera on linux. According to me the right behavior should be to deny
the user access to the https site and to present him an error page.

--

Milen


[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux