Hi All, I have a configuration as given below: client <------> downstream-proxy <------> upstream-proxy <-------> cloud downstream proxy is always squid, while upstream proxy is either squid or bluecoat. When SSL termination enabled on downstream proxy, I noticed traffic between down-stream and upstream-proxy is not encrypted. That results in failures when upstream proxy is bluecoat. It returns "400 Bad request" error. The root cause is bluecoat always wants "https" traffic to be encrypted. For example, if below data ( a plain text request https://accounts.google.com) is sent to bluecoat, bluecoat will return a "400 Bad request" error, but squid will happily get the response and send back to the client program. GET https://accounts.google.com/ServiceLogin?service=mail&passive=true&rm=false&continue=http://mail.google.com/mail/&scc=1<mpl=default<mplcache=2 HTTP/1.1 Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml+xml, image/pjpeg, application/x-ms-xbap, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */* Accept-Language: en-IN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.3; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Accept-Encoding: gzip, deflate Host: accounts.google.com Via: 1.1 taarusg (squid/3.1.11) X-Forwarded-For: 192.168.119.8 Cache-Control: max-age=259200 Connection: keep-alive On the other hand if I disable SSL termination on the downstream proxy, everything works just fine. My requirement is http traffic between upstream and downstream proxy should be always non-encrypted. While in case of HTTPS, traffic between downstream and upstream proxy should never be non-encrypted. How can I configure downstream squid to always use "HTTP CONNECT" in case of for HTTPS even when SSL termination enabled on the downstream proxy ? Any help is greatly appreciated. Regards, Nipun Talukdar Bangalore India
