[SQU] ssl questions

From: plendon <plendon@dont-contact.us>
Date: Fri, 22 Sep 2000 13:02:39 -0400

Hi,

We have looked at the Squid archives regarding SSL and I'm not getting far.
I'm hoping someone on this newsgroup might be able to help.

Here's my problem.

I've got a parent running Squid v2.3.STABLE3 that can use SSL and access
secured sites. I've got a remote proxy running the same version of Squid
that cannot use SSL. The remote proxy checks its cache and, if the object
is not listed, forwards requests to the parent. I'm not sure why SSL
for the remote proxy is failing. I'm not sure what I need to do to fix the
problem.

access.log shows:
"GET http://www/epson.com/image..." 200 443 TCP_MISS:DEFAULT_PARENT"
"CONNECT virtuallythere.com:443 HTTP/1.0" 0 39 TCP_MISS:DIRECT
"CONNECT virtuallythere.com:443 HTTP/1.0" 407 1374 TCP_DENIED:NONE

Listed below are the remote's squid.conf settings:

http_port 3128
icp_port 3130
cache_peer xx.xx.x.xxx parent 3128 3130 default login=xxxxx:xxxxxxx
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443 563
acl Safe_ports port 80 21 443 563 70 210 1025-65535
acl Safe_ports port 280
acl Safe_ports port 488
acl Safe_ports port 591
acl Safe_ports port 777
acl CONNECT method CONNECT
acl sys_parent url_regex ~http://xx.xx.x.xxx
acl sys_remote src xx.xxx.xx.xxx
acl FTP proto FTP
always_direct allow FTP
acl passwd proxy_auth REQUIRED
http_access allow manager localhost
http_access deny manager !localhost
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow sys_remote
always_direct allow sys_parent
http_access allow passwd
http_access allow FTP
always_direct allow FTP
http_access deny all
icp_access allow all
miss_access allow all

maximum_icp_query_timeout 2000
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
cache_mem 8 MB
cache_swap_low 90
cache_swap_high 95
maximum_object_size 4096 KB
minimum_object_size 0 KB
cache_dir ufs /usr/local/squid/cache 100 16 256
cache_access_log /usr/local/squid/logs/access.log
cache_store_log /usr/local/squid/logs/store.log
emulate_httpd_log on
pid_filename /usr/local/squid/logs/squid.pid
debug_options ALL,1
ftp_list_width 32
authenticate_program /usr/local/squid/bin/ncsa_auth /usr/local/squid/etc/users
authenticate_children 5
authenticate_ttl 3600
request_header_max_size 10 KB
request_body_max_size 30 MB
reply_body_max_size 30 MB
quick_abort_min 16 KB
quick_abort_max 16 KB
connect_timeout 120 seconds
read_timeout 30 seconds
client_lifetime 1 day
pconn_timeout 120 seconds
shutdown_lifetime 30 seconds
proxy_auth_realm Squid proxy-caching web server
cache_effective_group squid
logfile_rotate 0
append_domain .xxxxxxxx.com

Received on Fri Sep 22 2000 - 11:05:08 MDT
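
Added example, not part of the original post: a small Python triage of access.log lines in the httpd-emulated shape the excerpt shows. It tallies the route each method took and lists CONNECT requests that did not go through a parent. The client address, timestamps and GET URL in the sample are constructed, and the function names are this example's own.

```python
import re
from collections import Counter

# Trailing fields of a Squid access.log line in httpd-emulation style:
# "METHOD target HTTP/x.y" status bytes RESULT:HIERARCHY
ENTRY = re.compile(
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" '
    r'(?P<status>\d{1,3}) (?P<size>\d+) (?P<result>\w+):(?P<hier>\w+)'
)

# Constructed sample: client address, timestamps and GET URL are made up;
# the CONNECT request, status, size and result fields mirror the excerpt.
SAMPLE_LOG = """\
192.0.2.10 - - [22/Sep/2000:12:58:01 -0400] "GET http://example.com/image.gif HTTP/1.0" 200 443 TCP_MISS:DEFAULT_PARENT
192.0.2.10 - - [22/Sep/2000:12:58:07 -0400] "CONNECT virtuallythere.com:443 HTTP/1.0" 0 39 TCP_MISS:DIRECT
192.0.2.10 - - [22/Sep/2000:12:58:09 -0400] "CONNECT virtuallythere.com:443 HTTP/1.0" 407 1374 TCP_DENIED:NONE
"""

def parse(log_text):
    """Yield one dict per line that carries the request/status/result fields."""
    for line in log_text.splitlines():
        m = ENTRY.search(line)
        if m:
            yield m.groupdict()

def routing_summary(entries):
    """Count (method, hierarchy) pairs to show which path each method took."""
    return Counter((e["method"], e["hier"]) for e in entries)

def connect_findings(entries):
    """Describe each CONNECT that did not go through a parent peer."""
    findings = []
    for e in entries:
        if e["method"] != "CONNECT" or "PARENT" in e["hier"]:
            continue
        if e["result"] == "TCP_DENIED":
            why = "denied locally with status %s, not forwarded" % e["status"]
        elif e["hier"] == "DIRECT":
            why = "sent direct to origin, status %s logged" % e["status"]
        else:
            why = "hierarchy %s" % e["hier"]
        findings.append((e["target"], why))
    return findings

if __name__ == "__main__":
    entries = list(parse(SAMPLE_LOG))
    print(dict(routing_summary(entries)))
    print(connect_findings(entries))
```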
