Re: [squid-users] HTTPS interception and proxy to origin server clear traffic / FTP Proxy

From: Abdessamad BARAKAT <abdsamad13_at_gmail.com>
Date: Mon, 16 Jul 2012 09:54:32 +0200

Hi Amos,

2012/7/14 Amos Jeffries <squid3_at_treenet.co.nz>:
> On 14/07/2012 3:22 a.m., Abdessamad BARAKAT wrote:
>>
>> Hi,
>>
>> 1) HTTPS Interception
>>
>> I try to setup https transparent configuration with squid 3.1.20
>>
>> The traffic was correctly forwarded to the proxy port 3129 via WCCP
>> (Cisco ASA GW) , but the proxy doesn't use ssl connection to join the
>> final server but a clear http connection with port 80
>>
>> The flow client --> squid proxy use correctly ssl with the squid's
>> certificate
>>
>> Any idea why Squid doesn't use an https connection to join the final
>> server?
>
>
> Squid-3.1 is not designed for HTTPS interception. You require features only
> available in the 3.2 series.
>
>

But I can understand why squid can intercept the https connection from
the client, and after that doesn't make a https session but a http
session to the final server

>
>>
>> 2) FTP Interception
>>
>> If I understand correctly, squid can handle FTP transparent use with
>> browser's use (FTP native client not supported)
>
>
> There is nothing transparent about that. The browser tells Squid what URL to
> fetch from FTP parts of the Internet. Squid produces an HTTP object for the
> browser.
>
>
>>
>> I have configured only WCCP stuff, nothing about FTP on squid and I
>> can see the 3-way handshake was established correctly between the
>> client and the proxy, but after that nothing...
>
>
> What proxy? Not Squid, because Squid would be sending HTTP error codes, not
> FTP handshake codes.

Yes with squid, but I use a http browser (with a url like
ftp://ftp.toto.com), the tcp connection was established but after
that, nothing

Squid can't handle ftp connections with a web browser? I know it
can't handle a native ftp client

>
>>
>> If I want to use a native ftp client, can anyone suggest a good ftp
>> transparent proxy? (I see frox or ftp-proxy but these softwares
>> don't seem maintained or have a recent stable version)
>
>
> Release date is not a good measure of usefulness. The FTP protocol has not
> changed in years, so there are no new features to be added to a well written
> FTP proxy.
>
> Amos
>

Many thanks Amos
Received on Mon Jul 16 2012 - 07:54:41 MDT
