Re: [squid-users] WCCPv2 and HTTPS problems

From: Dalibor Dukic <dalibor.dukic@dont-contact.us>
Date: Fri, 09 Nov 2007 00:04:46 +0100

Hi Tek,

On Thu, 2007-11-08 at 13:09 +0545, Tek Bahadur Limbu wrote:
> Hi Dalibor,
>
> Dalibor Dukic wrote:
> > On Wed, 2007-11-07 at 17:15 +0545, Tek Bahadur Limbu wrote:
> >> Hi Adrian,
> >>
> >> Adrian Chadd wrote:
> >>> On Wed, Nov 07, 2007, Hemant Raj Chhetri wrote:
> >>>
> >>>> Hi Adrian,
> >>>> I am also facing the same problem with https
> >>>> sites. Yahoo works fine for me but I am having a problem
> >>>> with hotmail. Please advise me on how to handle this, or
> >>>> is there any guide which I can refer to?
> >>> I don't know of an easy way to handle this, I'm sorry. I know how I'd handle
> >>> it in Squid-2.6 but it'd require a couple weeks of work and another few weeks
> >>> of testing.
> >> I have 2 FreeBSD-6.2 transparent Squid proxies using WCCP2 with a Cisco
> >> 3620 router. Up till now, I am not facing any HTTPS problem. At least,
> >> nobody is complaining about Hotmail and Yahoo web mail services.
> >
> > Are clients on private address space? If you NATed clients and squid on
> > the same address, the web server sees just one address.
>
> My clients are all using public IP addresses.
>
> >
> >>> (Considering how much of a problem this has caused people in the past I'm
> >>> surprised a solution hasn't been contributed back to the project..)
> >> Maybe, the solution lies on the setup of the Operating System, Squid and
> >> Router itself.
> >
> > I don't think so. HTTPS requests are not forwarded to the squid box in
> > the web-cache service group, only port HTTP.
>
> Yes I know that Squid does not handle HTTPS requests which leads to
> another question. If HTTPS does not go through Squid, then does WCCP see
> them or how does WCCP handle them if at all?
>
> We all know since the beginning when we started learning and using Squid
> that intercepting or transparent proxy servers will cause some problems
> down the way. In fact, all software will cause some problems. Maybe
> this is one of the problems.

I totally agree with you, but I think that most problems with
transparent proxying with WCCP lie in the Cisco WCCP implementation.
Yesterday I moved the redirection point to a Catalyst 6506 (Version
12.2(18)SXD7bRELEASE SOFTWARE) and for now everything looks good, even
HTTPS. :)
I hope it will stay like this.

> In fact, I had been facing this Hotmail and Yahoo HTTPS problem with
> Squid-2.5 in the past. I can't remember exactly how I got it solved. On
> one occasion, routing solved the problem and in another case, a firewall
> modification solved the problem.
>
> Maybe the problem still exists now but somehow it has not caught my
> attention for which I am happy :)
>
> But sooner or later, I'm sure this problem will again pop up on my
> proxies too and users will be banging my phone! I guess somebody or one
> of us on this list has to do some really complete analysis and study
> using whatever tools are required to solve this problem once and for all.
>
>
> Thanking you...

Best regards, Dalibor

>
> >
> >> Thanking you...
> >>
> >>
> >>>
> >>>
> >>> Adrian
Received on Thu Nov 08 2007 - 16:11:28 MST