[squid-users] Transparent HTTPS & Parent proxy

From: Mike Mitchell <Mike.Mitchell_at_sas.com>
Date: Sat, 8 Sep 2012 11:48:03 +0000

I have several clients that cannot be reconfigured to use a PAC file or proxy; their traffic must be intercepted. They are all behind a Cisco firewall. I've set up WCCP and am intercepting both the HTTP and HTTPS traffic, using two different service groups and two different proxy ports.

One problem I had with the Cisco firewall was that it insisted on having the Squid proxy on the same network as the other clients. Since I do not want that network to have direct access to the Internet, I'm chaining the local squid to another squid process on a different network. It looks like

    client -> squid1 -> squid2 -> internet

where the squid1 process is picking up the traffic via WCCP and squid2 is a cache_peer (parent) of squid1.

It all works well for HTTP traffic, but I have yet to get HTTPS traffic to work. WCCP is intercepting the traffic and squid1 is seeing it, but an error page is returned to the client saying "Unsupported Request Method and Protocol".

I've tried both

    https_port 4433 cert=myCA.pem intercept

and

    https_port 4433 cert=myCA.pem intercept ssl-bump

but I get the same behaviour with both. I do have

    ssl_bump allow all
    never_direct allow all

in the configuration.

Am I missing something simple? Is it just not possible yet with a parent proxy? I realize the request will have to be converted from a GET to a CONNECT. It would not surprise me if the conversion hasn't been implemented yet. This is with squid 3.2.1.

Mike Mitchell
Mike.Mitchell_at_sas.com
Received on Sat Sep 08 2012 - 11:48:15 MDT
