Re: [squid-users] squid + dansguardian + havp https

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Fri, 13 May 2011 15:55:06 +1200

On 13/05/11 06:40, troxlinux wrote:
> Hi list, I have the following problem on my CentOS 5.6, I am using it
> as a proxy and content filter with squid+havp+dansguardian, the
> server has one network card and I cannot add another one, I do not
> have a PCI slot, I cannot set it up in transparent mode, all the clients
> have the proxy set manually, the detail is that when I access pages like
> hotmail, gmail etc etc the https sites do not open
>
> my diagram is
>
> pc Lan ===dansguardian port 8080 + squid 3128 localhost + havp 8090
>
> I have opened port 8080 in my firewall, but the problem is that pages
> with https do not load when accessed
>
> this is my log in squid
>
> 172.16.9.171 TCP_MISS/200 340 GET http://www.hotmail.com -
> DEFAULT_PARENT/127.0.0.1 text/html
>
> any idea?
>

Versions would be helpful.

Your log shows a success (status 200) reply using HTTP protocol.
The only thing strange is that "http://www.hotmail.com" always replies
with a 302 redirect for me, never 200.

This 200 response is coming out of HavP (127.0.0.1). Whether it is
caused there or at the origin we can't tell yet.

HTTPS uses CONNECT requests. CONNECT only sends the domain:port or
IP:port for the URL, and will always have unknown (infinite) body size
for both request and reply. So be extra careful about what filters you
try and make them pass in DG and HavP.

Squid will attempt to open a direct TCP connection (bypassing havp)
and pass the SSL encrypted data down it unless you configure
"nonhierarchical_direct off".

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE9 or 3.1.12
   Beta testers wanted for 3.2.0.7 and 3.1.12.1
Received on Fri May 13 2011 - 03:55:12 MDT
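
Added example, not part of the original message or of Squid itself: a small access.log check that shows, per CONNECT request, whether the tunnel went direct (bypassing the HAVP parent) or through the parent, which only ever sees host:port. It assumes Squid's native log layout and the DIRECT/HIER_DIRECT and NONE/HIER_NONE hierarchy codes; the sample lines and the function names are constructed for illustration.

```python
import re

# Squid native access.log layout (assumed here; the post shows a shortened line):
# time elapsed client code/status bytes method URL ident hierarchy/peer type
LINE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+(?P<elapsed>\d+)\s+(?P<client>\S+)\s+"
    r"(?P<code>\w+)/(?P<status>\d{3})\s+(?P<size>\d+)\s+(?P<method>\S+)\s+"
    r"(?P<url>\S+)\s+(?P<ident>\S+)\s+(?P<hier>\w+)/(?P<peer>\S+)\s+(?P<ctype>\S+)$"
)
DIRECT = {"DIRECT", "HIER_DIRECT"}   # Squid went straight to the origin
NO_FORWARD = {"NONE", "HIER_NONE"}   # nothing forwarded (e.g. TCP_DENIED)

def parse(line):
    """Return the fields of one access.log line, or None if it does not match."""
    m = LINE.match(line.strip())
    return m.groupdict() if m else None

def classify(entry):
    """Say whether a request could have been seen by the parent (HAVP)."""
    if entry["method"] != "CONNECT":
        return "http"
    if entry["hier"] in DIRECT:
        return "tunnel-direct"      # bypassed the parent
    if entry["hier"] in NO_FORWARD:
        return "tunnel-not-forwarded"
    return "tunnel-via-parent"      # parent saw host:port only, not the content

def tunnel_report(lines):
    """List (client, host:port, class) for every CONNECT in the log."""
    report = []
    for line in lines:
        entry = parse(line)
        if entry and entry["method"] == "CONNECT":
            report.append((entry["client"], entry["url"], classify(entry)))
    return report

# Constructed sample lines (documentation addresses, not from the post).
SAMPLE = [
    "1305258906.101    120 192.0.2.10 TCP_MISS/200 340 GET http://www.example.com/ - DEFAULT_PARENT/127.0.0.1 text/html",
    "1305258907.220   5310 192.0.2.10 TCP_MISS/200 4821 CONNECT mail.example.com:443 - DIRECT/203.0.113.5 -",
    "1305258909.004   4100 192.0.2.11 TCP_MISS/200 3977 CONNECT login.example.net:443 - DEFAULT_PARENT/127.0.0.1 -",
    "1305258910.450      1 192.0.2.12 TCP_DENIED/403 1520 CONNECT chat.example.org:5222 - NONE/- text/html",
]

if __name__ == "__main__":
    for row in tunnel_report(SAMPLE):
        print(*row)
```
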
