Hi amos, 2012/7/14 Amos Jeffries <squid3@xxxxxxxxxxxxx>: > On 14/07/2012 3:22 a.m., Abdessamad BARAKAT wrote: >> >> Hi, >> >> 1) HTTPS Interception >> >> I try to setup https transparent configuration with squid 3.1.20 >> >> The traffic was correctly forwarded to the proxy port 3129 via WCCP >> (Cisco ASA GW) , but the proxy doesn't use ssl connection to join the >> final server but a clear http connection with port 80 >> >> The flow client --> squid proxy use correctly ssl with the squid's >> certificate >> >> Any idea why the squid don't use a https connection to join the final >> server ? > > > Squid-3.1 is not designed for HTTPS interception. You require features only > available in the 3.2 series. > > But I can understand why squid can intercept the https connection from the client, and after that doesn't make a https session but a http session to the final server > >> >> 2) FTP Interception >> >> If I understand correctly, squid can handle FTP transparent use with >> browser's use (FTP native client not suppported) > > > There is nothing transparent about that. The browser tells Squid what URL to > fetch from FTP parts of the Internet. Squid produces an HTTP object for the > browser. > > >> >> I have configured only WCCP stuff, nothing about FTP on squid and I >> can see the 3-way handshake was established correctly between the >> client and the proxy, but after that nothing... > > > What proxy? Not Squid, because Squid would be sending HTTP erorr codes, not > FTP handshake codes. Yes with squid, but I use a http browser (with a url like ftp://ftp.toto.com), the tcp connection was established but after that, nothing Squid can't handle ftp connections with a web browser ? I know he can't handle native ftp client > >> >> If I want to use a native ftp client, anyone can suggest me a good ftp >> transparent proxy ( I see frox or ftp-proxy but theses softwares >> doesn't seem maintained or have a recent stable version) > > > Release date is not a good measure of usefulness. The FTP protocol has not > changed in years, so there is no new features to be added to a well written > FTP proxy. > > Amos > Many thanks amos
