Re: [squid-users] Logging in to secure sites (AOL, Hotmail,

From: Courtney Grimland <Courtney_Grimland@dont-contact.us>
Date: Fri, 7 Sep 2001 11:24:43 -0500

All I had to do was see it in someone else's words and
it hits me.

I was mistakenly redirecting ALL ports (via ipchains)
to squid, not just www traffic.

Thanks to everyone.

--- Joe Cooper <joe@swelltech.com> wrote:
> Interception caching of HTTP (port 80) traffic for these sites does not
> interfere with secured authentication of them. I've tested all but AOL
> somewhat recently and they work fine.
>
> I think perhaps there is maybe a simpler networking issue--Is port 443
> traffic routed on to the HTTPS sites? You shouldn't be interception
> proxying these requests anyway, since they can't be cached...so leave
> those packets alone and let them hit the site directly. (MASQing works
> OK for them too, if you have to use non-routable IPs on the client
> machines.)
>
> You can still safely intercept for port 80, even on these sites. (I was
> just testing HotMail extensively ~4 hours ago for a client--I /know/ it
> works OK. Yahoo has been a few weeks, but I don't guess they've changed
> anything.)
>
> Duane Wessels wrote:
>
> > On Thu, 6 Sep 2001, Courtney Grimland wrote:
> >
> >>I've seen related issues in the list archives, but
> >>none with a suitable solution.
> >>
> >>With squid set up as my transparent proxy, internal
> >>clients cannot access secure sites such as the AOL
> >>sign-in page, Yahoo's secure sign-in page, various
> >>on-line banking pages, etc. Making any changes on the
> >>client side is not an option, since this is an
> >>anonymous public "kiosk" type environment. Can anyone
> >>offer a solution, even if it involves something other
> >>than Squid?
> >>
> >
> > If:
> >
> > 1) these sites deny access because secure and non-secure
> > requests come from different IP addresses, and
> >
> > 2) you cannot make clients use the proxy for secure
> > requests, and
> >
> > 3) you must use interception caching, then
> >
> > I think you are out of options.
> >
> > (I'm not sure #1 above is necessarily true)
> >
> > Hm, what are you using for interception? Perhaps you
> > need to NOT intercept normal HTTP requests for those
> > goofy sites?
>
>
> --
> Joe Cooper <joe@swelltech.com>
> Affordable Web Caching Proxy Appliances
> http://www.swelltech.com
>
Received on Fri Sep 07 2001 - 10:22:56 MDT
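
Added example, not part of the original messages: the misconfiguration this thread resolves (an ipchains REDIRECT rule with no destination port, so port 443 is handed to Squid along with port 80) shown beside the scoped rule, with a small check that classifies a rule line. The LAN range, the Squid port 3128 and the function name redirect_scope are assumptions; the rules are constructed samples, not the poster's actual rules.

```shell
#!/bin/sh
# Constructed sample rules (assumed LAN 192.168.1.0/24, Squid on port 3128).
# Catch-all: no destination port after "-d 0/0", so HTTPS (443) and every
# other TCP port is redirected into Squid and breaks.
BAD_RULE='ipchains -A input -p tcp -s 192.168.1.0/24 -d 0/0 -j REDIRECT 3128'
# Scoped: only destination port 80 is redirected; 443 is left to be
# routed or masqueraded straight to the site.
GOOD_RULE='ipchains -A input -p tcp -s 192.168.1.0/24 -d 0/0 80 -j REDIRECT 3128'

# redirect_scope RULE
# Prints one of: http-only, catch-all, other:<port>, not-redirect.
# Handles "-d address [port]" and "--dport port"; negation ("!") is not parsed.
redirect_scope() {
    set -f              # no filename globbing while word-splitting the rule
    set -- $1
    set +f
    target="" dport=""
    while [ $# -gt 0 ]; do
        case "$1" in
            -j) target="$2" ;;
            -d) case "${3:-}" in
                    ""|-*) ;;            # address only, no port given
                    *) dport="$3" ;;     # -d address port
                esac ;;
            --dport|--destination-port) dport="$2" ;;
        esac
        shift
    done
    [ "$target" = "REDIRECT" ] || { echo not-redirect; return 0; }
    case "$dport" in
        "")          echo catch-all ;;
        80|www|http) echo http-only ;;
        *)           echo "other:$dport" ;;
    esac
}

# Classify both sample rules.
for rule in "$BAD_RULE" "$GOOD_RULE"; do
    printf '%-10s %s\n' "$(redirect_scope "$rule")" "$rule"
done
```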
