Re: [squid-users] ssl and transparent proxy problem

From: Alexey Talikov <alexey_talikov@dont-contact.us>
Date: Fri, 19 Apr 2002 18:29:14 +0500

If you set all browsers to use the proxy, disable transparent mode,
or do not use the proxy for SSL (in browsers, if possible).

The Problem with Transparency

When Squid transparently caches a site, the source IP address of the connection changes: the
request comes from the cache server rather than the client machine. This can play havoc with web
sites that use IP-address authentication (such sites only allow requests from a small set of IP
addresses, rather than authenticating requests with a name and password.)

Since the cache changes the source IP address of the connection, some servers may deny legitimate
users access. In many cases, this will cost users money (they may pay for the service, or use the
information on that site to make money.)

If you know your network inside out, and know exactly who would be accessing a site like this,
there is probably no problem with using transparent caching. If this is the case, though, it might
be easier to simply change all of your users' settings.

19.04.2002 17:52:25, "Ayca Ardic" <aycaa@havelsan.com.tr> wrote:

>
>Hi,
>
>I have a transparent proxy for internet connection. It is a Redhat 7.2
>(kernel 2.4.7) with squid 2.4.Stable6. Our connection is as shown below.
>Browser <-> Proxy <-> Firewall <-> Internet
>
>Proxy server is working fine but I have problem with SSL connections.
>When I want to connect to some internet banking sites, I can log in to site,
>and connect at 443 but I'm not able to use any commands at the site.
>
>If I disable proxy, I can use all the banking services. Also, there is no
>problem if I manually configure my browser to use proxy and set the firewall
>as my gateway.
>
>When I checked the log files, I saw the following error:
>2002/04/19 13:41:03| sslReadServer: FD 84: read failure: (104) Connection
>reset
>
>As I see from the mailing-list archives, this question has been asked a few
>times, but no solution has been advised.
>
>I'll be glad if someone can advise some URL or document.
>
>Thanks for your attention.
>
Received on Fri Apr 19 2002 - 07:31:12 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:07:36 MST