I can't seem to find a straight answer for this.
I'm running squid 3.4.8. Compiled from source.
I'ts talking via wccp to our firewall. We're using it only for informational purposes, IE we're not blocking anything, just trying to get some visibility into what our pipe is being used for.
http works as expected no issues there.
What I'm trying to find out is should or shouldn't I get some sort of log entry for https, the initial get before the tls is setup?
Something like : 1341110030.974 973 172.17.3.37 TCP_MISS/200 2361 CONNECT example.com:443 vineeth.v DIRECT/X.X.X.X -
I am not trying to do any decryption.
Currently I have the firewall not redirecting service 70 ( https ) to squid because when it's on, you can't get to those sites.
So I think at this point I'm either expecting something to happen that can't, the log being written , or I'm doing something wrong, I'm just not sure which it is.
Squid.conf:
#Access Lists
#acl manager proto cache_object
#acl localhost src 127.0.0.1/32
acl internal src 192.168.200.0/21
acl wireless src 192.168.100.0/23
#Ports allowed through Squid
acl Safe_ports port 80
acl Safe_ports port 443
acl SSL_ports port 443
acl SSL method CONNECT
acl CONNECT method CONNECT
#allow/deny
#http_access allow localhost
http_access allow internal
http_access allow wireless
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny all
#caching directory
#cache_dir ufs /home/user/squidcache/ 2048 16 128
#cache_mem 1024 MB
#nameservers
dns_nameservers 192.168.201.1 8.8.8.8
#WCCPv2 items
http_port 3128 intercept
wccp_version 2
wccp2_router 192.168.200.73
wccp2_forwarding_method gre
wccp2_return_method gre
wccp2_service standard 0 password=xxxxxxxx
wccp2_service dynamic 70 password=xxxxxxxx
wccp2_service_info 70 protocol=tcp flags=dst_ip_hash priority=240 ports=443
Thank you
Bruce
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users