[squid-users] Issues with Windows Update (transparent proxy + squid guard + separate squid box)

From: Nick Pappas <nickpappas@dont-contact.us>
Date: Tue, 8 Jul 2003 17:03:09 -0400

Hello,

I've spent the past two weeks searching through the archives and the web
for possible solutions to our issue with no solution yet.

Here's a brief description and setup:

We have a 10.10.1.0/24 subnet. All internet traffic passes through a
NAT box before going out to the Internet. On that NAT box, we have a
mangle rule (iptables) to send tcp80 traffic to the squid box, which is
set up correctly to act transparently. It is 2.5.STABLE3.

In addition, SquidGuard-1.2.0 is used for content filtering using the
squid redirector interface.

The strange part is that in purely transparent mode, Windows Update (and
some other sites that use https with http) fails; though if we set the
browser settings manually to use the proxy, it works like a charm! I
have never seen this before.

I have tried adding extension_methods (listed in numerous replies here),
no cache directives, and I've even spent some time trying to see if I
can get squid to at least just pass traffic for 443.

I could be entirely wrong, but I get the feeling the issue is from the
requests coming out on two different boxes (the http and the https
following that). Unfortunately, I have been largely unsuccessful in
finding a way to just forward ssl traffic (I don't care to police or
cache it) out the same way that the http traffic is handled (mangle to
the squid box).

Right now we're using a hack-like solution, which is having the NAT box
not send traffic to Windows Update IPs through squid, but this is far
from ideal since those IPs are ever changing and caching updates would
save a great amount of bandwidth.

So the goal at the moment is to find a way to transparently make https
traffic go in and out of the squid box (from the NAT box).

Thanks for your time; I look forward to trying some new solutions.

Sincerely,
Nick Pappas
The Keyes Company
Received on Tue Jul 08 2003 - 15:03:59 MDT
