Fwd: [squid-users] Transparent HTTP changes to HTTPS

From: <mortbox@dont-contact.us>
Date: Sat, 31 Jan 2004 20:51:13 -0500

I've asked to be removed countless times. Here's another message that
I didn't want. It's really not that hard to remove somebody, is it...

This is a forwarded message
From: usman fool <usman_fool@hotmail.com>
To: patemerick@gfa.org
Date: Saturday, January 31, 2004, 6:14:52 PM
Subject: [squid-users] Transparent HTTP changes to HTTPS

===8<==============Original message text===============

Now only transparent proxy does not work.
You must do SNAT, so-called IP masquerade. Otherwise users will face so many
problems when doing SMS, mail checking on Hotmail, and some other sites
which need any other port connectivity rather than 80.

Or another solution is don't use transparent proxy.

usman.

>From: "Pat Emerick" <patemerick@gfa.org>
>To: "Elsen Marc" <elsen@imec.be>,<squid-users@squid-cache.org>
>Subject: RE: [squid-users] Transparent HTTP changes to HTTPS
>Date: Sat, 31 Jan 2004 12:25:52 -0600
>
>Marking packets is done by IPTables
>All port 80 traffic is sent to the proxy with a mark on it.
>
>Failure is observed when a user attempts to purchase online.
>Session starts at HTTP site then gets redirected on that site to an
>HTTPS url
>After a time the session fails - "Cannot not find server or DNS error"
>
>So, session is established and allowed then, in same session the port
>changes to 443.
>When this happens the session fails.
>
>Sometimes the user can refresh and/or go "back" then "forward" and the
>connection is restored.
>
>It feels like a cache problem? But not always.
>
> >
> > Anyone suggest a solution?
> >
> > Have:
> > Transparent proxy, single machine, cache & accel are on.
> > We mark HTTP packets at the gateway so they go to the proxy.
>
> What do you mean by 'mark' ?
> Which software or whatever tool at the gateway does this ?
> So basic : how is this marking 'organized' ?
>
> > HTTPS are not
> > marked
> > Mark is removed when squidGuard passes them back to the gateway.
> >
> > Have ACL CONNECT for HTTPS
> > Have httpd_accel_host virtual
> > Have httpd_accel_port 80
> > Have httpd_accel_single_host off
> > Have httpd_accel_with_proxy on
> > Have httpd_accel_uses_host_header on
> >
> > All work great except when a HTTP url points or changes to a
> > HTTPS url.
>
> When it does not work ?
> How is this observed ?
> Which errors e.g. are seen ?
>
>
> > Direct HTTPS goes, no problem.
> >
>
> M.
>
>
> > Thank you,
> >
> > Pat
> >
> >
> >
> >


===8<===========End of original message text===========

-- 
Best regards,
 mortbox                            mailto:mortbox@gamebox.net
Received on Sat Jan 31 2004 - 19:27:23 MST
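
The traffic split discussed in this thread (port 80 marked and routed to the proxy, everything else sent out directly behind SNAT/masquerade), as an added example that is not taken from any poster's configuration. Interface names, the proxy address, the mark value and the routing table number are assumptions; the script only prints rules and audits them, it applies nothing.

```shell
#!/bin/sh
# Added example. Prints rules only; nothing is applied to the running system.
# Every value below is an assumption, not taken from the thread.
LAN_IF="${LAN_IF:-eth1}"            # LAN-facing interface on the gateway
WAN_IF="${WAN_IF:-eth0}"            # Internet-facing interface on the gateway
PROXY_IP="${PROXY_IP:-192.0.2.10}"  # Squid box (documentation address range)
MARK="${MARK:-1}"                   # fwmark that selects the proxy route
TABLE="${TABLE:-100}"               # routing table that holds that route

# Gateway ruleset in iptables-restore format.
gateway_rules() {
    cat <<EOF
*mangle
:PREROUTING ACCEPT [0:0]
# Mark client HTTP only. Traffic coming back from the proxy is left unmarked,
# and so is port 443, which therefore never visits the proxy.
-A PREROUTING -i $LAN_IF ! -s $PROXY_IP -p tcp --dport 80 -j MARK --set-mark $MARK
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
# Unmarked traffic (443 and every other port) is source-NATed on the way out.
-A POSTROUTING -o $WAN_IF -j MASQUERADE
COMMIT
EOF
}

# Policy routing that sends marked packets to the proxy box.
routing_cmds() {
    echo "ip rule add fwmark $MARK table $TABLE"
    echo "ip route add default via $PROXY_IP dev $LAN_IF table $TABLE"
}

# Audit iptables-save style text on stdin for the split described above.
audit_ruleset() {
    rules=$(cat)
    echo "$rules" | grep -Eq -- '--dport 80 .*-j MARK' ||
        { echo "port 80 is not marked for the proxy"; return 1; }
    if echo "$rules" | grep -Eq -- '--dport 443 .*-j MARK'; then
        echo "port 443 is marked and would be sent to the proxy"; return 1
    fi
    echo "$rules" | grep -Eq -- '-j (MASQUERADE|SNAT)' ||
        { echo "no SNAT or MASQUERADE rule for direct traffic"; return 1; }
    echo "ok"
}

gateway_rules | audit_ruleset
```

The same `audit_ruleset` function can be fed the output of `iptables-save` from a live gateway to confirm that HTTPS bypasses the proxy and still has a source-NAT rule.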

This archive was generated by hypermail pre-2.1.9 : Sun Feb 01 2004 - 12:00:10 MST