2012/7/16 Amos Jeffries <squid3@xxxxxxxxxxxxx>:
> On 16/07/2012 7:54 p.m., Abdessamad BARAKAT wrote:
>>
>> Hi Amos,
>>
>> 2012/7/14 Amos Jeffries:
>>
>>> On 14/07/2012 3:22 a.m., Abdessamad BARAKAT wrote:
>>>>
>>>> Hi,
>>>>
>>>> 1) HTTPS Interception
>>>>
>>>> I am trying to set up an HTTPS transparent configuration with squid 3.1.20.
>>>>
>>>> The traffic was correctly forwarded to the proxy port 3129 via WCCP
>>>> (Cisco ASA GW), but the proxy doesn't use an SSL connection to join the
>>>> final server but a clear HTTP connection with port 80.
>>>>
>>>> The flow client --> squid proxy correctly uses SSL with the squid's
>>>> certificate.
>>>>
>>>> Any idea why squid doesn't use an HTTPS connection to join the final
>>>> server?
>>>
>>>
>>> Squid-3.1 is not designed for HTTPS interception. You require features
>>> only available in the 3.2 series.
>>>
>>> Amos, what's your advice on this subject :
>> But I can understand why squid can intercept the HTTPS connection from
>> the client, and after that doesn't make an HTTPS session but an HTTP
>> session to the final server
>>
>>>> 2) FTP Interception
>>>>
>>>> If I understand correctly, squid can handle transparent FTP use with
>>>> a browser (native FTP clients are not supported).
>>>
>>>
>>> There is nothing transparent about that. The browser tells Squid what URL
>>> to fetch from FTP parts of the Internet. Squid produces an HTTP object for
>>> the browser.
>>>
>>>
>>>> I have configured only the WCCP stuff, nothing about FTP on squid, and I
>>>> can see the 3-way handshake was established correctly between the
>>>> client and the proxy, but after that nothing...
>>>
>>>
>>> What proxy? Not Squid, because Squid would be sending HTTP error codes,
>>> not FTP handshake codes.
>>
>> Yes, with squid, but I use an HTTP browser (with a URL like
>> ftp://ftp.toto.com); the TCP connection was established but after
>> that, nothing.
>
>
> This means little. The browser could be passing HTTP request for ftp:// to
> Squid or it could be passing FTP traffic to ftp.toto.com.
>
> Squid *cannot* intercept the FTP traffic port(s).
>
>
>>
>> Squid can't handle FTP connections with a web browser? I know it
>> can't handle a native FTP client.
>
>
> When the browser is using FTP protocol there is no difference between it and
> a native FTP client.
>
> When it is sending ftp:// URL to a HTTP proxy it uses HTTP protocol.

So for you, it will work?

If I use a browser with "ftp://...", the WCCP correctly redirects the FTP service to the squid proxy, but only the 3-way handshake is made; after that nothing...

If I use the proxy in explicit mode, it works.

The Cisco ASA sees it as FTP service traffic and not HTTP traffic from the WCCP point of view, and I can see the browser made a connection to the FTP port.

I hope it's much clearer.

>
> Amos
>

Thanks again, Amos