This issue has been discussed many times in the Squid mailing list. The
problem is not with Squid, but with IE's use of a broken WININET.DLL
library. The library first sends a HTTPS request, then switches to
HTTP. Many secure web sites require a continued stream of HTTPS. The
WININET.DLL of Windows 2003 Enterprise Edition is not broken, but
Windows 2000, and Windows XP (non-SP2) is not. I have yet to confirm
whether Windows XP SP2 is broken or not.
Note, any other Microsoft based application (Visual Studio type of
application) that uses the broken WININET.DLL will have the same problem.
If the HTTPS site being access is required for by your organization,
allow the site direct access through your Squid with appropriate ACL and
Access rules. This diminishes the problem.
Tim
-----------------------------------------------------------
Timothy E. Neto
Computer Systems Engineer Komatsu Canada Limited
Ph#: 905-625-6292 x265 1725B Sismet Road
Fax: 905-625-6348 Mississauga, Canada
E-Mail: tneto@komatsu.ca L4W 1P9
-----------------------------------------------------------
Henrik Nordstrom wrote:
> On Tue, 9 Nov 2004, Brad Larden wrote:
>
>> I understand what you're saying but I can 'see' the request hit the
>> proxy server from the client.
>
>
> In your trace I can only see a new TCP connection, but no request sent
> by the browser on this connection.
>
> Regards
> Henrik
>
Received on Tue Nov 09 2004 - 09:02:00 MST
This archive was generated by hypermail pre-2.1.9 : Wed Dec 01 2004 - 12:00:01 MST