
Re: HTTPS intercept sent to cache_peer


 



On 28/05/2013 11:16 p.m., Karl Hiramoto wrote:
Hi,

I'm trying to set up squid to be a load balancer, and provide redundancy, to other anonymous proxies. Everything works fine for HTTP, but when trying to use HTTPS squid falls back to HTTP. Some sites don't allow you to browse or log in without HTTPS.

My Setup is:

                       /---> AnonProxy1 ---->Final destination
Client ---> MyProxy  -*--->  AnonProxy2 ---->Final destination
                       \---> AnonProxy3 ---->Final destination



Ideally, between squid MyProxy and AnonProxy I'd like an HTTP CONNECT (RFC2616) tunnel to be set up. Does anyone have an example configuration for this? If I set up my client to connect directly to AnonProxy1, HTTP and HTTPS work fine. I don't have any control or ability to change the configuration of AnonProxy.

Squid "falls back" to HTTP because the peer proxies are all configured as HTTP-only proxies. None of them are configured with SSL connectivity.

You cannot (yet) configure sending a CONNECT to peers because nobody has coded Squid to support that yet. There is some code in the very latest Squid (as in it literally just went into 3.HEAD yesterday) to make failover send and handle CONNECT to peers when intercepted HTTPS goes badly. But that is only for intercepted SSL at present. Patches adding similar handling in other events are welcome.


Amos



