Search squid archive

ICAP and HTTPS

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi

Just a quick question regarding SSL bump and ICAP.

I have integrated Squid 3.5.9 with a commercial product that provides
an ICAP service. It works fine for HTTP.

Upon recieving an ICAP query for a blocked HTTP site the following
ICAP response is returned.

ICAP/1.0 200 OK
ISTAG: "PRODUCTNAME"
Attribute: Blocked Sites
Encapsulated: res-hdr=0, null-body=148

HTTP/1.0 302 Moved
Location: http://192.168.0.10/block?session=12345678
Pragma: no-cache
Cache-Control: no-cache

and the block page is correctly displayed in the users browser

However, when accessing a blocked site over HTTPS the following ICAP
response is received:

ICAP/1.0 200 OK
ISTAG: "PRODUCTNAME"
Attribute: Blocked Sites
Encapsulated: res-hdr=0, null-body=533

HTTP/1.0 403 Blocked
Content-Type: text/html
Pragma: no-cache
Cache-Control: no-cache
Location: http://192.168.0.10/block?session=12345678

<html>
  <head>
    <meta http-equiv="refresh"
content="0;url=http://192.168.0.10/block?session=12345678";>
    <title>Blocked</title>
  </head>
  <body>
    <h4>You have been blocked.</h4>
    <p>Click <a
href="http://192.168.0.10/block?session=12345678";>here</a> for
details</p>
  </body>
</html>

Chrome and IE just error upon receiving this response. In the case of
Chrome I get an ERR_TUNNEL_CONNECTION_FAILED error. I could be wrong
but I would imagine this error is by design, as Chrome will only
respond to a proxy authentication request or SSL handshake in response
to a HTTP CONNECT?

If that's correct, I was wondering if there is a way to get this to
work, with peek and splice possibly or any alternative method?

Thank you

Paul
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users




[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux