Fwd: [squid-users] Transparent HTTP changes to HTTPS

From: <mortbox@dont-contact.us>
Date: Sat, 31 Jan 2004 20:51:12 -0500

I've asked to be removed countless times. Here's another message that
I didn't want. It's really not that hard to remove somebody, is it...

This is a forwarded message
From: Pat Emerick <patemerick@gfa.org>
To: "Elsen Marc" <elsen@imec.be>, squid-users@squid-cache.org
Date: Saturday, January 31, 2004, 1:25:52 PM
Subject: [squid-users] Transparent HTTP changes to HTTPS

===8<==============Original message text===============
Marking packets is done by IPTables
All port 80 traffic is sent to the proxy with a mark on it.

Failure is observed when a user attempts to purchase online.
Session starts at HTTP site then gets redirected on that site to an
HTTPS url
After a time the session fails - "Cannot not find server or DNS error"

So, session is established and allowed then, in same session the port
changes to 443.
When this happens the session fails.

Sometimes the user can refresh and/or go "back" then "forward" and the
connection is restored.

It feels like a cache problem? But not always.
 
>
> Anyone suggest a solution?
>
> Have:
> Transparent proxy, single machine, cache & accel are on.
> We mark HTTP packets at the gateway so they go the proxy.

 What do you mean by 'mark'?
 Which software or whatever tool at the gateway does this?
 So basically: how is this marking 'organized'?

> HTTPS are not
> marked
> Mark is removed when squidGuard passes them back to the gateway.
>
> Have ACL CONNECT for HTTPS
> Have httpd_accel_host virtual
> Have httpd_accel_port 80
> Have httpd_accel_single_host off
> Have httpd_accel_with_proxy on
> Have httpd_accell_uses_host_header on
>
> All works great except when an HTTP URL points or changes to an
> HTTPS URL.

  When does it not work?
  How is this observed?
  Which errors, e.g., are seen?

 
> Direct HTTPS goes, no problem.
>

  M.

> Thank you,
>
> Pat
>
>
>
>

===8<===========End of original message text===========

-- 
Best regards,
 mortbox                            mailto:mortbox@gamebox.net
Received on Sat Jan 31 2004 - 20:45:29 MST
