[squid-users] Squid3-Debian Lenny Transparent proxy not working with HTTPS

From: John Czerwinski <JohnCzerwinski_at_air-watch.com>
Date: Wed, 11 Nov 2009 09:59:52 -0500

I have configured a Squid3 proxy server on Debian using WCCP to a Cisco 2821 router (via GRE tunnel). Regular HTTP traffic works just fine. Anytime I try to connect to HTTPS, it times out.

I've compiled Squid with --enable-ssl.

The squid configuration is as follows:


####################################################################
# Squid3 Configuration
#
#
#
# Cisco Router at 10.50.40.1
# GRE tunnel to Ciso Router at 10.50.1.1
#
# Local Squid3 server
# name: wwifi-atl-squid1
# IP: 10.50.40.100
# WCCPv2 (Transparent mode)
#
####################################################################
visible_hostname wwifi-atl-squid1
# cache_effective_user squid squid
http_port 10.50.40.100:3128 transparent

hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY
acl apache rep_header Server ^Apache
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320





# Access Control List Definitions
acl localnet src 10.50.10.0/24 10.50.20.0/24 10.50.30.0/24 10.50.40.0/24 10.50.100.0/24 10.50.201.0/24

acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563 # https, snews
acl SSL_ports port 873 # rsync
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # SWAT
acl purge method PURGE
acl CONNECT method CONNECT

# http allows/denies
always_direct allow all
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access allow localnet
http_reply_access allow all
icp_access allow all






debug_options ALL,1

# Following options are for transparent mode
wccp2_router 10.50.40.1
wccp2_rebuild_wait on
wccp2_forwarding_method 1
wccp2_return_method 1
wccp2_assignment_method 1
wccp2_service standard 0
wccp2_address 10.50.40.100
Received on Wed Nov 11 2009 - 15:00:13 MST

This archive was generated by hypermail 2.2.0 : Wed Nov 11 2009 - 12:00:03 MST