Re: [squid-users] WCCPv2 and HTTPS problems

From: Amos Jeffries <squid3@dont-contact.us>
Date: Wed, 07 Nov 2007 23:29:12 +1300

Adrian Chadd wrote:
> On Wed, Nov 07, 2007, Dalibor Dukic wrote:
>
>> OK, but when I put proxy settings manually in browser even for SSL,
>> SQUID will just start passing data from client to server. I can't do
>> this with WCCP?
>
> No. The browser wraps up the SSL requests in a normal HTTP request ("CONNECT");
> transparently intercepted SSL requests look like SSL and not like HTTP.
> Squid knows about the former but not currently about the latter.
>
>>> You should investigate the TPROXY Squid integration which, when combined
>>> with a correct WCCPv2 implementation and compatible network design,
>>> will allow your requests to look like they're coming from your client
>>> IPs.
>> Does TPROXY functionality require any modification to kernel code,
>> especially the netfilter part?
>
> Yes.
>
>> I think this would solve the problems I am facing. I'll try this if
>> this is the only solution and give info to the group.
>
> Good luck!
>

This issue appears to be a direct interception corollary to the
SSL-bump recently sponsored for inclusion into squid3.1.
Perhaps with some additional sponsorship someone with SSL experience
will find the time to do the interception-tunnelling side of it.

Amos
Received on Wed Nov 07 2007 - 03:29:22 MST
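
The difference described in the thread between an explicit-proxy "CONNECT" request and an intercepted SSL connection, shown on the first bytes a proxy reads from the client. This is an added example, not part of the original messages and not Squid code; the function name, the method list and both byte samples are constructed for illustration.

```python
import struct

# Constructed sample: what a browser with manual proxy settings sends first.
EXPLICIT = b"CONNECT www.example.com:443 HTTP/1.1\r\nHost: www.example.com:443\r\n\r\n"

# Constructed sample: first bytes of an intercepted port-443 connection.
# TLS record header (handshake, version 3.1, length 49), handshake header
# (ClientHello, length 45), then client_version and zero padding.
INTERCEPTED = bytes.fromhex("16030100310100002d0301") + bytes(43)

HTTP_METHODS = (b"CONNECT", b"GET", b"POST", b"HEAD", b"PUT", b"DELETE", b"OPTIONS")


def classify_first_bytes(data: bytes) -> dict:
    """Classify the opening bytes of a new client connection (hypothetical helper)."""
    # TLS record layout: type(1) major(1) minor(1) length(2), then the
    # handshake message type(1). 0x16 = handshake record, 0x01 = ClientHello.
    if len(data) >= 6 and data[0] == 0x16 and data[1] == 0x03:
        _rtype, major, minor, rec_len = struct.unpack("!BBBH", data[:5])
        return {
            "kind": "tls",
            "record_version": (major, minor),
            "record_length": rec_len,
            "client_hello": data[5] == 0x01,
        }

    # Otherwise look for an HTTP request line: METHOD SP target SP HTTP/x.y CRLF
    line, sep, _rest = data.partition(b"\r\n")
    parts = line.split(b" ")
    if sep and len(parts) == 3 and parts[0] in HTTP_METHODS and parts[2].startswith(b"HTTP/"):
        info = {"kind": "http", "method": parts[0].decode("ascii")}
        if parts[0] == b"CONNECT":
            # CONNECT names the tunnel endpoint in clear text as host:port.
            host, _colon, port = parts[1].decode("ascii", "replace").rpartition(":")
            if not host or not port.isdigit():
                return {"kind": "unknown"}
            info["tunnel_to"] = (host, int(port))
        return info

    # Neither an HTTP request line nor a TLS handshake record.
    return {"kind": "unknown"}


if __name__ == "__main__":
    print(classify_first_bytes(EXPLICIT))
    print(classify_first_bytes(INTERCEPTED))
```

In the explicit case the proxy learns the tunnel endpoint from the request line; in the intercepted case there is no request line at all, so an HTTP parser has nothing to act on.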