[squid-users] HTTPS CONNECT issue

From: Francis Turner <turner@dont-contact.us>
Date: Wed, 09 Jan 2002 13:31:43 +0100

Probably a dumb newbie question... although I did search the archives
and stumbled on this thread:
http://www.squid-cache.org/mail-archive/squid-users/200110/0178.html

I'm trying to see if squid will transparently redirect HTTPS CONNECTs
that it receives to a second (checkpoint) proxy/firewall. I think the
answer is no, it just does the CONNECT direct to the internet server and
there is no way to change it.

Just to be clear, the network looks like this:
user - squid - chkpoint FW/proxy - Internet

Using the cache_peer parent option and the transparent proxy enabling
options, HTTP is successfully retrieved through the FW and cached. What I
would like to do is receive my users' https://securehost requests and
direct them to the checkpoint FW. But from observation what happens is
that squid tries to set up the direct connect to the secure server
instead, which doesn't work as the FW drops the traffic.

Unfortunately the firewall is not under my control, so it is
impossible for me to modify its behaviour to pass port 443 directly, so
I think I will just have to add a static config for my users that tells
them to use the checkpoint for SSL. Is this correct? (Yes, I will
investigate PAC but I'd rather everything was completely transparent so
that users' browsers work automatically without any configuration)

(Using Squid 2.4STABLE1)
Francis

-- 
Francis Turner, CIO Juelich Enzyme Products GmbH
http://www.juelich-enzyme.com/ +49-173-291-7278
If you're not part of the solution, you're part of the precipitate.
             -- Henry J. Tillman
Received on Wed Jan 09 2002 - 05:32:38 MST
