Hi Just a quick question regarding SSL bump and ICAP. I have integrated Squid 3.5.9 with a commercial product that provides an ICAP service. It works fine for HTTP. Upon recieving an ICAP query for a blocked HTTP site the following ICAP response is returned. ICAP/1.0 200 OK ISTAG: "PRODUCTNAME" Attribute: Blocked Sites Encapsulated: res-hdr=0, null-body=148 HTTP/1.0 302 Moved Location: http://192.168.0.10/block?session=12345678 Pragma: no-cache Cache-Control: no-cache and the block page is correctly displayed in the users browser However, when accessing a blocked site over HTTPS the following ICAP response is received: ICAP/1.0 200 OK ISTAG: "PRODUCTNAME" Attribute: Blocked Sites Encapsulated: res-hdr=0, null-body=533 HTTP/1.0 403 Blocked Content-Type: text/html Pragma: no-cache Cache-Control: no-cache Location: http://192.168.0.10/block?session=12345678 <html> <head> <meta http-equiv="refresh" content="0;url=http://192.168.0.10/block?session=12345678";> <title>Blocked</title> </head> <body> <h4>You have been blocked.</h4> <p>Click <a href="http://192.168.0.10/block?session=12345678";>here</a> for details</p> </body> </html> Chrome and IE just error upon receiving this response. In the case of Chrome I get an ERR_TUNNEL_CONNECTION_FAILED error. I could be wrong but I would imagine this error is by design, as Chrome will only respond to a proxy authentication request or SSL handshake in response to a HTTP CONNECT? If that's correct, I was wondering if there is a way to get this to work, with peek and splice possibly or any alternative method? Thank you Paul _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
