Re: [squid-users] http CONNECT method with fwd proxy to content server on same subnet

From: Quin Guin <quinguin_at_yahoo.com>
Date: Mon, 17 May 2010 08:14:24 -0700 (PDT)

Thank you Henrik, Yes I agree as I stated in a reply to Amos this is not an ideal or a good design but I need to make it work. I do have SQUID configured as forward proxy but I think I need to setup some routing policy (iptables) to make everything go directly through our servers as they are acting like a proxy but not a caching proxy and can not handle CONNECT method. Any ideas would be greatly appreciated and I have looked and tried the Config example in the FAQ & WIki on squid-cache.org. best regards, Guin ----- Original Message ---- From: Henrik Nordström <henrik_at_henriknordstrom.net> To: Quin Guin <quinguin_at_yahoo.com> Cc: squid-users_at_squid-cache.org Sent: Sat, May 15, 2010 3:17:57 AM Subject: Re: [squid-users] http CONNECT method with fwd proxy to content server on same subnet fre 2010-05-14 klockan 07:17 -0700 skrev Quin Guin: > I have a remote server sending a HTTP CONNECT to my server but my > server can't handle an HTTP CONNECT. So I wanted to use squid to > handle the CONNECT method and then send the https requests to my local > server to handle the request. I know that a transparent proxy doesn't > know how to handle the SSL requests because is not operating as a > normal proxy. So I have been using squid as a fwd proxy but it keeps > sending the http CONNECT method to my end server which is causing > issues. So I am asking for ideas on what I need to do to look at do > this. I have tried various iptables rules and cache_peers but nothing > is seeming to work I am using pretty much the default config except > for my local network IPs and ACL to allow the traffic. You should not require anything special. Just Squid configured as a plain proxy and allowing this remote server to access it. Note that you SHOULD NOT configure Squid as a reverse proxy. CONNECT is a proxy method. But as amos mentioned, why is that remote server sending your CONNECT requests in the first place? Probably better to address the problem there. Regards Henrik
Received on Mon May 17 2010 - 15:14:32 MDT

This archive was generated by hypermail 2.2.0 : Tue May 18 2010 - 12:00:04 MDT