[squid-users] Squid configuration for wccp https requests

Hello Everyone!

I have a query regarding the implementation of WCCPv2 with a Squid Proxy
(v3.1). We have enabled WCCP on a Cisco 6500 switch. The requirement is
requests coming from a particular IP need to be redirected to the Squid
Proxy which would then forward the request to another proxy (hierarchial
proxies). We have been able to set it up for HTTP requests but are running
into problems with HTTPS.

We dont see any HTTPS requests being redirected by the switch to the squid
Proxy. Network team has verified the WCCP configuration on the switch with
Cisco forum and that has been confirmed to be correct.

configuration is:

Service Identifier 70 and web-cache(http) configured on the switch.

GRE Tunnel setup between switch and squid Proxy

Using iptables to redirect traffic to squid port

Squid Configuration:

http_port 3128 transparent

wccp2_router <router_ip>
wccp2_service standard 0
wccp2_service dynamic 70
wccp2_service_info 70 protocol=tcp flags=src_ip_hash,ports_source
priority=240 ports=443

wccp2_assignment_method mask
wccp2_forwarding_method 1
wccp2_return_method 1

I have taken wireshark traces and can see both the "here i am" and "i see
you" packets being exchanged for http and for port 443.However for port 443,
i see the service id being sent as unknown. Is that correct? or should it be
setting it as 70?

Are we missing something in the configuration that is causing the switch to
not redirect https packets?

Also, wanted to confirm that if this works, would the https request be
coming over to squid as HTTP, meaning like a HTTP Connect message to set up
the connection before the SSL exchange?

Regards,
akshay

--
View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-configuration-for-wccp-https-requests-tp4434613p4434613.html
Sent from the Squid - Users mailing list archive at Nabble.com.