Re: [squid-users] WCCPv2 and HTTPS problems

From: Tek Bahadur Limbu <teklimbu@dont-contact.us>
Date: Thu, 08 Nov 2007 13:09:38 +0545

Hi Dalibor,

Dalibor Dukic wrote:
> On Wed, 2007-11-07 at 17:15 +0545, Tek Bahadur Limbu wrote:
>> Hi Adrian,
>>
>> Adrian Chadd wrote:
>>> On Wed, Nov 07, 2007, Hemant Raj Chhetri wrote:
>>>
>>>> Hi Adrian,
>>>> I am also facing the same problem with https
>>>> sites. Yahoo works fine with me but I am having problems
>>>> with hotmail. Please advise me on how to handle this, or
>>>> is there any guide which I can refer to?
>>> I don't know of an easy way to handle this, I'm sorry. I know how I'd handle
>>> it in Squid-2.6 but it'd require a couple weeks of work and another few weeks
>>> of testing.
>> I have 2 FreeBSD-6.2 transparent Squid proxies using WCCP2 with a Cisco
>> 3620 router. Up till now, I am not facing any HTTPS problem. At least,
>> nobody is complaining about Hotmail and Yahoo web mail services.
>
> Are clients on private address space? If you NATed clients and Squid on
> the same address, the web server sees just one address.

My clients are all using public IP addresses.

>
>>> (Considering how much of a problem this has caused people in the past I'm
>>> surprised a solution hasn't been contributed back to the project..)
>> Maybe, the solution lies on the setup of the Operating System, Squid and
>> Router itself.
>
> I don't think so. HTTPS requests are not forwarded to the Squid box in
> the web-cache service group, only port HTTP.

Yes I know that Squid does not handle HTTPS requests which leads to
another question. If HTTPS does not go through Squid, then does WCCP see
them or how does WCCP handle them if at all?

We all know since the beginning when we started learning and using Squid
that intercepting or transparent proxy servers will cause some problems
down the way. In fact, all software will cause some problems. Maybe
this is one of the problems.

In fact, I had been facing this Hotmail and Yahoo HTTPS problem with
Squid-2.5 in the past. I can't remember exactly how I got it solved. On
one occasion, routing solved the problem and in another case, a firewall
modification solved the problem.

Maybe the problem still exists now but somehow it has not caught my
attention for which I am happy :)

But sooner or later, I'm sure this problem will again pop up on my
proxies too and users will be banging my phone! I guess somebody or one
of us on this list has to do some really complete analysis and study
using whatever tools are required to solve this problem once and for all.

Thanking you...

>
>> Thanking you...
>>
>>
>>>
>>>
>>> Adrian
>>>
>>
>
>
>
>

-- 
With best regards and good wishes,
Yours sincerely,
Tek Bahadur Limbu
System Administrator
(TAG/TDG Group)
Jwl Systems Department
Worldlink Communications Pvt. Ltd.
Jawalakhel, Nepal
http://www.wlink.com.np
http://teklimbu.wordpress.com
Received on Thu Nov 08 2007 - 00:25:02 MST
