
Re: HTTPS interception and proxy to origin server clear traffic / FTP Proxy


On 16/07/2012 7:54 p.m., Abdessamad BARAKAT wrote:
Hi Amos,

2012/7/14 Amos Jeffries:
On 14/07/2012 3:22 a.m., Abdessamad BARAKAT wrote:
Hi,

1) HTTPS Interception

I am trying to set up an https transparent configuration with squid 3.1.20

The traffic was correctly forwarded to the proxy port 3129 via WCCP
(Cisco ASA GW), but the proxy doesn't use an ssl connection to join the
final server but a clear http connection with port 80

The flow client --> squid proxy use correctly ssl with the squid's
certificate

Any idea why squid doesn't use an https connection to join the final
server?

Squid-3.1 is not designed for HTTPS interception. You require features only
available in the 3.2 series.


But I can understand why squid can intercept the https connection from
the client, and after that doesn't make a https session but a http
session to the final server

2) FTP Interception

If I understand correctly, squid can handle FTP transparent use with
browser's use (FTP native client not supported)

There is nothing transparent about that. The browser tells Squid what URL to
fetch from FTP parts of the Internet. Squid produces an HTTP object for the
browser.


I have configured only WCCP stuff, nothing about FTP on squid and I
can see the 3-way handshake was established correctly between the
client and the proxy, but after that nothing...

What proxy? Not Squid, because Squid would be sending HTTP error codes, not
FTP handshake codes.

Yes with squid, but I use a http browser (with a url like
ftp://ftp.toto.com), the tcp connection was established but after
that, nothing

This means little. The browser could be passing HTTP request for ftp:// to Squid or it could be passing FTP traffic to ftp.toto.com.

Squid *cannot* intercept the FTP traffic port(s).


Squid can't handle ftp connections with a web browser? I know it
can't handle a native ftp client

When the browser is using FTP protocol there is no difference between it and a native FTP client.

When it is sending an ftp:// URL to an HTTP proxy it uses HTTP protocol.

Amos
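
Added example, not part of the original thread and not Squid code: a small helper for telling apart the two cases discussed above (a browser sending an HTTP request for an ftp:// URL versus a client speaking native FTP) from the first bytes seen on an accepted connection, for instance in a packet capture. The function name, labels and sample byte strings are constructed for illustration; the only fact assumed beyond the thread is that a native FTP client sends nothing until the server's 220 greeting (RFC 959).

```python
# Added illustration; classify_client_opening and its labels are hypothetical,
# not part of Squid. Input is the first payload bytes the client sent.
from urllib.parse import urlsplit

HTTP_METHODS = {"GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS"}
FTP_COMMANDS = {"USER", "PASS", "AUTH", "FEAT", "SYST", "QUIT"}


def classify_client_opening(data: bytes) -> str:
    """Return a label for what protocol the client is speaking."""
    if not data:
        # A native FTP client waits for the server's 220 greeting, so an HTTP
        # listener that also waits sees a completed handshake and then nothing.
        return "silent"
    if data[0] == 0x16:
        # TLS handshake record: neither plain HTTP nor plain FTP.
        return "tls"
    first_line = data.split(b"\r\n", 1)[0].decode("latin-1")
    parts = first_line.split(" ")
    if len(parts) == 3 and parts[0] in HTTP_METHODS and parts[2].startswith("HTTP/"):
        scheme = urlsplit(parts[1]).scheme.lower()
        if scheme == "ftp":
            # Browser configured to use the proxy: ftp:// URL carried over HTTP.
            return "http-proxy-ftp"
        if scheme in ("http", "https"):
            return "http-proxy"
        # Origin-form target (just a path), typical of intercepted port-80 traffic.
        return "http-origin-form"
    if parts[0].upper() in FTP_COMMANDS:
        # FTP control-channel command sent by the client.
        return "ftp-command"
    return "unknown"


if __name__ == "__main__":
    samples = [  # constructed sample payloads
        b"GET ftp://ftp.toto.com/ HTTP/1.1\r\nHost: ftp.toto.com\r\n\r\n",
        b"",
        b"USER anonymous\r\n",
    ]
    for payload in samples:
        print(repr(payload[:40]), "->", classify_client_opening(payload))
```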


