[squid-users] Intercepting HTTPS with WCCPv2

From: Jason Taylor <j@dont-contact.us>
Date: Wed, 20 Dec 2006 00:02:52 -0500

Hi all,

Is it possible to intercept https traffic with wccpv2 and squid 2.6?
The Cisco documentation leads me to believe that it is possible, at
least with the Cisco Web Cache Engine.

I have heard that transparent proxying of https does not work, but
what about intercept proxying?

Our existing workstation-park has a mix of manually configured
proxy.pac and auto-detect proxy setings and we are deploying WCCPv2
to catch the remaining applets and activeX controls that don't seem
to want to pick up the browser's proxy settings unless a proxy is
explicitly configured (no proxy.pac).

I would like to avoid having to manually hard-code proxies into my
workstations since this way lies madness.

We have two proxies, each running squid 2.6 stable6 on linux red hat.
Both squids are on the same subnet and are single-interface proxies.
There are two gateways on this subnet, each a cisco router.
Both proxies register as wccp2 cache engines with both routers.

WCCP2 works just fine for port 80 as I am using the "standard" config.
If I wish to add in more http ports, I will have to move to a
"dynamic" config and create all my service-definitions.
Do these service-ids have to map to anything specific or are the
numbers more or less arbitrary?

Cheers,

/Jason
Received on Tue Dec 19 2006 - 22:03:18 MST

This archive was generated by hypermail pre-2.1.9 : Mon Jan 01 2007 - 12:00:01 MST