SSL behind a Firewall

From: Thomas, Larry <lothomas@dont-contact.us>
Date: Wed, 26 Apr 2000 15:08:56 -0500

I need help getting SSL to work. I am trying to put a squid server
inside my firewall to offload the proxying that I am currently doing on
my firewall.
I have read through the FAQ, User docs and the mail archives and still I
have failed miserably in all my attempts.

The http stuff works ok but when I go to a https page the browser gives
me the message:

Error 400
Proxy supports only full 'http' URLs.

Here is my config

internal users -->Squid server-->firewall-->Internet

I am only trying to proxy outgoing traffic.

Here is my squid.conf file

cache_peer pigpen.sbec.com parent 80 0 no-query default
cache_peer pigpen.sbec.com parent 443 0 no-query default
cache_peer pigpen.sbec.com parent 21 0 no-query default
cache_mem 150 MB
cache_dir ufs /usr/local/squid/cache 300 16 256
debug_options ALL,1 28,5 26,5 17,5
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl all src 0.0.0.0/0.0.0.0
http_access allow all
never_direct allow all
icp_access allow all
cache_mgr lot@sbec.com
cache_effective_user nobody
cache_effective_group nogroup
visible_hostname jacob.sbec.com

This is the results in the cache.log and access.log files

2000/04/26 13:18:54| Starting Squid Cache version 2.3.STABLE2 for sparc-sun-solaris2.6...
2000/04/26 13:18:54| Process ID 23075
2000/04/26 13:18:54| With 1024 file descriptors available
2000/04/26 13:18:54| Performing DNS Tests...
2000/04/26 13:18:54| Successful DNS name lookup tests...
2000/04/26 13:18:54| DNS Socket created on FD 1
2000/04/26 13:18:54| Adding nameserver 192.168.1.4 from /etc/resolv.conf

2000/04/26 13:18:54| Adding nameserver 192.168.4.253 from /etc/resolv.conf
2000/04/26 13:18:54| Adding nameserver 192.168.31.1 from /etc/resolv.conf
2000/04/26 13:18:54| Unlinkd pipe opened on FD 7
2000/04/26 13:18:54| Swap maxSize 307200 KB, estimated 23630 objects
2000/04/26 13:18:54| Target number of buckets: 472
2000/04/26 13:18:54| Using 8192 Store buckets
2000/04/26 13:18:54| Max Mem size: 153600 KB
2000/04/26 13:18:54| Max Swap size: 307200 KB
2000/04/26 13:18:54| Rebuilding storage in /usr/local/squid/cache (CLEAN)
2000/04/26 13:18:54| Set Current Directory to /usr/local/squid/cache
2000/04/26 13:18:54| Loaded Icons.
2000/04/26 13:18:54| Accepting HTTP connections at 0.0.0.0, port 3128, FD 9.
2000/04/26 13:18:54| Accepting ICP messages at 0.0.0.0, port 3130, FD 10.
2000/04/26 13:18:54| WCCP Disabled.
2000/04/26 13:18:54| Ready to serve requests.
2000/04/26 13:18:55| Configuring Parent firewall.sbec.com/80/0
2000/04/26 13:18:55| Configuring Parent firewall.sbec.com/443/0
2000/04/26 13:18:55| Configuring Parent firewall.sbec.com/21/0
2000/04/26 13:18:55| Done reading /usr/local/squid/cache swaplog (353 entries)
2000/04/26 13:18:55| Finished rebuilding storage from disk.
2000/04/26 13:18:55| 353 Entries scanned
2000/04/26 13:18:55| 0 Invalid entries.
2000/04/26 13:18:55| 0 With invalid flags.
2000/04/26 13:18:55| 353 Objects loaded.
2000/04/26 13:18:55| 0 Objects expired.
2000/04/26 13:18:55| 0 Objects cancelled.
2000/04/26 13:18:55| 0 Duplicate URLs purged.
2000/04/26 13:18:55| 0 Swapfile clashes avoided.
2000/04/26 13:18:55| Took 0.8 seconds ( 435.2 objects/sec).
2000/04/26 13:18:55| Beginning Validation Procedure
2000/04/26 13:18:55| Completed Validation Procedure
2000/04/26 13:18:55| Validated 353 Entries
2000/04/26 13:18:55| store_swap_size = 1091k
2000/04/26 13:18:55| storeLateRelease: released 0 objects
2000/04/26 13:19:00| aclCheckFast: list: 1b3bd0
2000/04/26 13:19:00| aclMatchAclList: checking all
2000/04/26 13:19:00| aclMatchAcl: checking 'acl all src 0.0.0.0/0.0.0.0'
2000/04/26 13:19:00| aclMatchIp: '192.168.1.172' found
2000/04/26 13:19:00| aclMatchAclList: returning 1
2000/04/26 13:19:00| aclCheck: checking 'http_access allow all'
2000/04/26 13:19:00| aclMatchAclList: checking all
2000/04/26 13:19:00| aclMatchAcl: checking 'acl all src 0.0.0.0/0.0.0.0'
2000/04/26 13:19:00| aclMatchIp: '192.168.1.172' found
2000/04/26 13:19:00| aclMatchAclList: returning 1
2000/04/26 13:19:00| aclCheck: match found, returning 1
2000/04/26 13:19:00| aclCheckCallback: answer=1
2000/04/26 13:19:00| sslStart: 'CONNECT netbenefits.401k.com:443'
2000/04/26 13:19:00| aclCheck: checking 'never_direct allow all'
2000/04/26 13:19:00| aclMatchAclList: checking all
2000/04/26 13:19:00| aclMatchAcl: checking 'acl all src 0.0.0.0/0.0.0.0'
2000/04/26 13:19:00| aclMatchIp: '192.168.1.172' found
2000/04/26 13:19:00| aclMatchAclList: returning 1
2000/04/26 13:19:00| aclCheck: match found, returning 1
2000/04/26 13:19:00| aclCheckCallback: answer=1
2000/04/26 13:19:00| sslProxyConnected: FD 11 sslState=3be648
2000/04/26 13:19:00| sslProxyConnected: Sending {CONNECT
netbenefits.401k.com:443 HTTP/1.0
User-Agent: Mozilla/4.7 [en] (Win95; I)
Via: 1.0 jacob.sbec.com:3128 (Squid/2.3.STABLE2)
X-Forwarded-For: 192.168.1.172
Host: netbenefits.401k.com:443
Cache-Control: max-age=259200

}
2000/04/26 13:19:00| sslWriteServer: FD 11, 229 bytes to write
2000/04/26 13:19:00| sslWriteServer: FD 11, 229 bytes written
2000/04/26 13:19:00| sslReadServer: FD 11, reading 8192 bytes at offset 0
2000/04/26 13:19:00| sslReadServer: FD 11, read 180 bytes
2000/04/26 13:19:01| sslWriteClient: FD 8, 180 bytes to write
2000/04/26 13:19:01| sslWriteClient: FD 8, 180 bytes written
2000/04/26 13:19:01| sslReadServer: FD 11, reading 8192 bytes at offset 0
2000/04/26 13:19:01| sslReadServer: FD 11, read 0 bytes
2000/04/26 13:19:01| sslServerClosed: FD 11
2000/04/26 13:19:01| sslClientClosed: FD 8
2000/04/26 13:19:01| sslStateFree: sslState=3be648

956773141.384 440 192.168.1.172 TCP_MISS/000 180 CONNECT netbenefits.401k.com:443 - DEFAULT_PARENT/firewall.sbec.com -

Am I missing something? Can the Squid proxy server do what I am trying
to do?

I am getting desperate; I'm even considering looking at the Microsoft
Proxy Server.
Thanks for any help you can give me.
Received on Wed Apr 26 2000 - 14:08:45 MDT
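An added example, not part of the original post or of Squid itself: a small Python checker for the native access.log format shown in the message (time, elapsed ms, client, action/status, size, method, URL, ident, hierarchy/peer, content type). It flags CONNECT requests that ended with status 000 routed via a parent, which is exactly the line in the post (the upstream closed the tunnel without a valid HTTP reply), and it reproduces the port restriction that Squid's stock squid.conf applies to CONNECT (`acl SSL_ports port 443 563` with `http_access deny CONNECT !SSL_ports`) but that the posted config, with only `http_access allow all`, does not. The sample log is constructed: the first line is the one from the post, the other two are invented for contrast.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import List, Optional

# Constructed sample in Squid 2.x native access.log format. Line 1 is the
# entry from the post; lines 2 and 3 are made up to show a normal GET via
# the parent and a CONNECT that was tunnelled directly and succeeded.
SAMPLE_ACCESS_LOG = """\
956773141.384    440 192.168.1.172 TCP_MISS/000 180 CONNECT netbenefits.401k.com:443 - DEFAULT_PARENT/firewall.sbec.com -
956773150.120     35 192.168.1.172 TCP_MISS/200 2310 GET http://www.squid-cache.org/ - DEFAULT_PARENT/firewall.sbec.com text/html
956773160.001    812 192.168.1.172 TCP_MISS/200 5123 CONNECT www.example.com:443 - DIRECT/www.example.com -
"""

# Native format: time elapsed client action/code size method url ident hierarchy/from type
NATIVE_RE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+(?P<elapsed>\d+)\s+(?P<client>\S+)\s+"
    r"(?P<action>[A-Z_]+)/(?P<status>\d{3})\s+(?P<size>\d+)\s+"
    r"(?P<method>[A-Z]+)\s+(?P<url>\S+)\s+(?P<ident>\S+)\s+"
    r"(?P<hier>[A-Z_]+)/(?P<peer>\S+)\s+(?P<ctype>\S+)$"
)

# Ports Squid's default squid.conf permits for CONNECT (acl SSL_ports port 443 563).
DEFAULT_SSL_PORTS = {443, 563}


@dataclass
class AccessEntry:
    when: datetime        # log timestamp converted to UTC
    elapsed_ms: int
    client: str
    action: str           # e.g. TCP_MISS
    status: int           # HTTP status; 0 means no valid reply was received
    size: int
    method: str
    url: str
    hierarchy: str        # e.g. DEFAULT_PARENT or DIRECT
    peer: str             # where the request was sent


def parse_line(line: str) -> Optional[AccessEntry]:
    """Parse one native-format line; returns None for lines that don't match."""
    m = NATIVE_RE.match(line.strip())
    if not m:
        return None
    return AccessEntry(
        when=datetime.fromtimestamp(float(m["ts"]), tz=timezone.utc),
        elapsed_ms=int(m["elapsed"]),
        client=m["client"],
        action=m["action"],
        status=int(m["status"]),
        size=int(m["size"]),
        method=m["method"],
        url=m["url"],
        hierarchy=m["hier"],
        peer=m["peer"],
    )


def parse_log(text: str) -> List[AccessEntry]:
    return [e for e in (parse_line(l) for l in text.splitlines()) if e is not None]


def failed_tunnels(entries: List[AccessEntry]) -> List[AccessEntry]:
    """CONNECT requests logged with status 000: the request was relayed but
    the upstream closed the connection without a usable HTTP reply."""
    return [e for e in entries if e.method == "CONNECT" and e.status == 0]


def connect_port(url: str) -> int:
    """A CONNECT target is host:port; treat a missing port as 443."""
    host, sep, port = url.rpartition(":")
    return int(port) if sep and port.isdigit() else 443


def connect_allowed(url: str, ssl_ports=frozenset(DEFAULT_SSL_PORTS)) -> bool:
    """Mirror of 'http_access deny CONNECT !SSL_ports' from the stock config."""
    return connect_port(url) in ssl_ports


def report(text: str) -> List[str]:
    """One line per failed tunnel: when, client, target, and the peer it went to."""
    return [
        f"{e.when:%Y-%m-%d %H:%M:%S}Z {e.client} CONNECT {e.url} -> "
        f"{e.hierarchy}/{e.peer} returned no HTTP reply ({e.size} bytes read)"
        for e in failed_tunnels(parse_log(text))
    ]


if __name__ == "__main__":
    for line in report(SAMPLE_ACCESS_LOG):
        print(line)
```

Run against a real access.log by passing its contents to `report()`. The timestamp in the post converts to 18:19:01 UTC, which matches the 13:19:01 cache.log time in the message (US Central, UTC-5 in April); comparing both logs on one clock is the first step when correlating a CONNECT failure with the `sslReadServer: ... read 0 bytes` trace.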

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:53:04 MST