Re: [squid-users] HTTPS interception and proxy to origin server clear traffic / FTP Proxy

From: Amos Jeffries <>
Date: Sat, 14 Jul 2012 15:49:36 +1200

On 14/07/2012 3:22 a.m., Abdessamad BARAKAT wrote:
> Hi,
> 1) HTTPS Interception
> I try to setup https transparent configuration with squid 3.1.20
> The traffic was correctly forwarded to the proxy port 3129 via WCCP
> (Cisco ASA GW) , but the proxy doesn't use ssl connection to join the
> final server but a clear http connection with port 80
> The flow client --> squid proxy use correctly ssl with the squid's certificate
> Any idea why the squid don't use a https connection to join the final server ?

Squid-3.1 is not designed for HTTPS interception. You require features
only available in the 3.2 series.

> 2) FTP Interception
> If I understand correctly, squid can handle FTP transparent use with
> browser's use (FTP native client not suppported)

There is nothing transparent about that. The browser tells Squid what
URL to fetch from FTP parts of the Internet. Squid produces an HTTP
object for the browser.

> I have configured only WCCP stuff, nothing about FTP on squid and I
> can see the 3-way handshake was established correctly between the
> client and the proxy, but after that nothing...

What proxy? Not Squid, because Squid would be sending HTTP erorr codes,
not FTP handshake codes.

> If I want to use a native ftp client, anyone can suggest me a good ftp
> transparent proxy ( I see frox or ftp-proxy but theses softwares
> doesn't seem maintained or have a recent stable version)

Release date is not a good measure of usefulness. The FTP protocol has
not changed in years, so there is no new features to be added to a well
written FTP proxy.

Received on Sat Jul 14 2012 - 07:26:51 MDT

This archive was generated by hypermail 2.2.0 : Mon Jul 16 2012 - 12:00:02 MDT