Interception caching of HTTP (port 80) traffic for these sites does not
interfere with secured authentication of them. I've tested all but AOL
somewhat recently and they work fine.
I think perhaps there is maybe a simpler networking issue--Is port 443
traffic routed on to the HTTPS sites? You shouldn't be interception
proxying these requests anyway, since they can't be cached...so leave
those packets alone and let them hit the site directly. (MASQing works
OK for them too, if you have to use non-routable IPs on the client
machines.)
You can still safely intercept for port 80, even on these sites. (I was
just testing HotMail extensively ~4 hours ago for a client--I /know/ it
works OK. Yahoo has been a few weeks, but I don't guess they've changed
anything.)
Duane Wessels wrote:
>
>
> On Thu, 6 Sep 2001, Courtney Grimland wrote:
>
>
>>I've seen related issues in the list archives, but
>>none with a suitable solution.
>>
>>With squid set up as my transparent proxy, internal
>>clients cannot access secure sites such as the AOL
>>sign-in page, Yahoo's secure sign-in page, various
>>on-line banking pages, etc. Making any changes on the
>>client side is not an option, since this is an
>>anonymous public "kiosk" type environment. Can anyone
>>offer a solution, even if it involves something other
>>than Squid?
>>
>
> If:
>
> 1) these sites deny access because secure and non-secure
> requests come from different IP addresses, and
>
> 2) you cannot make clients use the proxy for secure
> requests, and
>
> 3) you must use interception caching, then
>
> I think you are out of options.
>
> (I'm not sure #1 above is necessarily true)
>
> Hm, what are you using for interception? Perhaps you
> need to NOT intercept normal HTTP requests for those
> goofy sites?
--
Joe Cooper <joe@swelltech.com>
Affordable Web Caching Proxy Appliances
http://www.swelltech.com
Received on Fri Sep 07 2001 - 00:16:55 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:02:04 MST