Re: [squid-users] Urgent: Squid as SSL-Gateway on Solaris8@x86

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Tue, 3 Jun 2003 22:55:13 +0200

On Tuesday 03 June 2003 17.21, Pavic, Aleksander wrote:

> We want that our Customers first Connect to Squid with https
> because of sensitive Data. After that Squid must connect to our
> internal Server with only http!
>
> We read that Squid 2.5 could do this.

It does.

> Netscape 7 on a Solaris8@sparc Box is used for testing. I test the
> whole thing from an internal Client. Netscape is configured with:
> http Proxy Port 80 and https Proxy with Port 443.
>
> When I type in "https://www.freedom.de" at my browser it Times out.
> The Following error occurs in cache.log
>
> 2003/06/03 13:58:19| clientAccessCheck: proxy request denied in
> accel_only mode

Right. This was received on port 80.

> 2003/06/03 13:58:29| clientNegotiateSSL: Error
> negotiating SSL connection on FD 14: error:1407609B:SSL
> routines:SSL23_GET_CLIENT_HELLO:https proxy request

And this on port 443.

Both rejected for the same reason. Your Squid is acting as a web
server (http and https), but you are attempting to use Squid as a
proxy server.

Remove your proxy settings from the browser and instead access Squid
as a web server and things should work considerably better.

> Additional Question:
> Is it possible to run one "normal" Squid and one which is only used
> for this accelerator thing on one Machine?

Yes.

Just make sure the accelerator-only one has all other protocols
disabled (ICP, HTCP, SNMP, ...), and install the two with different
prefixes and you will be fine.

> If I start one Squid
> and then the other the last one tells me that there is already one
> Squid running.

This is because the two are installed with the same prefix and using
the same configuration. The easiest method is to install the two with
different prefixes, but it is also possible to set up different
configurations giving each copy unique paths for logs, pid file etc.

> But one Squid is in /usr/local/squid and the other
> in /usr/local/squid.ssl. The cache_effective_user and group are set
> to different users and groups. What can I do?
> Just mixed Mode?

If you get the error that there is a Squid running then at least the
pid_filename is set to the same in both copies.

Regards
Henrik

-- 
Donations welcome if you consider my Free Squid support helpful.
https://www.paypal.com/xclick/business=hno%40squid-cache.org
If you need commercial Squid support or cost effective Squid or
firewall appliances please refer to MARA Systems AB, Sweden
http://www.marasystems.com/, info@marasystems.com
Received on Tue Jun 03 2003 - 15:18:05 MDT
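
The two-instance advice in the message above (unique pid file and log paths per copy, ICP/HTCP/SNMP off on the accelerator), as an added example that is not part of the original message: a small checker that compares two squid.conf texts. The sample configurations and paths are constructed, and only explicitly set directives are compared, so compiled-in defaults are not covered.

```python
PATHS = ("pid_filename", "cache_log", "cache_access_log", "cache_store_log")  # Squid 2.5 names
TCP_PORTS = ("http_port", "https_port")
UDP_PORTS = ("icp_port", "htcp_port", "snmp_port")

def directives(conf_text):
    """Yield (name, args) for every non-comment directive line."""
    for line in conf_text.splitlines():
        tokens = line.split()
        if len(tokens) >= 2 and not tokens[0].startswith("#"):
            yield tokens[0], tokens[1:]

def claimed_resources(conf_text):
    """Map each explicitly configured path or port to the directive claiming it."""
    claimed = {}
    for name, args in directives(conf_text):
        if name == "cache_dir" and len(args) >= 2:
            claimed[("path", args[1])] = name       # cache_dir <type> <path> ...
        elif name in PATHS and args[0] != "none":
            claimed[("path", args[0])] = name
        elif name in TCP_PORTS:
            claimed[("tcp", args[0])] = name        # compared literally, ip:port included
        elif name in UDP_PORTS and args[0] != "0":  # port 0 disables the protocol
            claimed[("udp", args[0])] = name
    return claimed

def collisions(conf_a, conf_b):
    """Resources that both instances claim; each one must be made unique."""
    a, b = claimed_resources(conf_a), claimed_resources(conf_b)
    return sorted((a[key], key[1]) for key in a.keys() & b.keys())

def not_disabled(conf_text):
    """ICP/HTCP/SNMP directives that this config has not explicitly set to 0."""
    off = {name for name, args in directives(conf_text) if args[0] == "0"}
    return [name for name in UDP_PORTS if name not in off]

# Constructed sample configs (not from the original post).
PROXY_CONF = """
http_port 3128
pid_filename /var/run/squid.pid
cache_log /usr/local/squid/var/logs/cache.log
cache_dir ufs /usr/local/squid/var/cache 100 16 256
"""
ACCEL_CONF = """
https_port 443 cert=/usr/local/squid.ssl/etc/cert.pem
pid_filename /var/run/squid.pid
cache_log /usr/local/squid.ssl/var/logs/cache.log
icp_port 0
htcp_port 0
"""
```

Here `collisions(PROXY_CONF, ACCEL_CONF)` reports the shared `pid_filename`, and `not_disabled(ACCEL_CONF)` reports that `snmp_port` has not been set to 0 in the accelerator's configuration.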
