Re: [squid-users] Forward HTTPS requests using squid.conf from Kenrick on 2006-01-18 (squid-users)

From: Kenrick <matrix2323@dont-contact.us>
Date: Tue, 17 Jan 2006 23:07:20 -0800 (PST)

Hi Mark,

Thanks for the reply. What would be the best setup in
Squid Proxy to replace my MS ISA Proxy server without
manually adding proxy server IP address in IE settings
on users PC? Transparent proxy in Squid would be the
nearest option but I cannot browse HTTPS sites. I'm
using Redhat Enterprise Linux 4.

The current MS ISA proxy setup is similar to
transparent proxy in Squid but the problem with Squid
is that it cannot browse HTTPS sites, MS ISA can
browse HTTPS sites.

Regards,

Kenrick

--- Mark Elsen <mark.elsen@gmail.com> wrote:

> > Hi,
> >
> > My current setup of proxy server is using MS
> ISA2000
> > Server. I'm planning to replace my MS ISA server
> with
> > a Squid Proxy Server. Users who have internet
> access
> > does not have to configure their proxy settings in
> > Internet Explorer, they just have to configure
> their
> > default gateway pointing to the ISA server. The
> ISA
> > server has the permission to go to the internet by
> the
> > firewall. Users can access http, https, ftp
> without
> > any problem. The ISA server has only one network
> > card.
> >
> > Prior to the replacement of ISA server, Squid
> server
> > is configured as a transparent proxy. But further
> > research shows that HTTPS cannot be proxied
> > transparently. Only HTTP is allowed. With
> > transparent proxy, I dont have any problem with
> HTTP.
> >
> > I want to maintain the same configuration of users
> not
> > entering the proxy server IP address in the
> Internet
> > Explorer settings. What would be the best
> solution
> > for allowing (HTTPS, FTP and other) requests
> without
> > configuring IE settings? The firewall, proxy and
> the
> > users are all in the same network segment (i.e
> > 192.168.1.0/24). Assuming that I will be using
> > transparent proxy, how can I forward all requests
> > except HTTP to the firewall using squid.conf?
> >
>
> By definition , your intercepting setup; is
> installed for "port-80" requests.
> So , https requests won´t even reach SQUID, and
> follow the default
> gateway ip-path, towards the wonderfull world of
> the Net.
>
> M.
>

__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
Received on Wed Jan 18 2006 - 00:07:52 MST

This archive was generated by hypermail pre-2.1.9 : Wed Feb 01 2006 - 12:00:01 MST