Re: [squid-users] HTTPS CONNECT issue

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Wed, 9 Jan 2002 19:52:39 +0100

On Wednesday 09 January 2002 13.31, Francis Turner wrote:

> I'm trying to see if squid will transparently redirect HTTPS CONNECTS
> that it receives to a second (checkpoint) proxy/firewall. I think the
> answer is no it just does the CONNECT direct to the internet server and
> there is no way to change it.

Any proxied requests can be forwarded to another HTTP proxy using the
cache_peer directive. This includes the CONNECT tunnel method.

> using the cache_peer parent option and the transparent proxy enabling
> options HTTP is successfully retrieved through the FW and cached. What I
> would like to do is received my users https://securehost requests and
> direct them to the checkpoint FW. But from observation what happens is
> that squid tries to setup the direct connect to the secure server
> instead, which doesn't work as the FW drops the traffic.

You have most likely forgot to tell Squid that it is inside a firewall.
See the never_direct and always_direct directives.

-- 
MARA Systems AB, Giving you basic free Squid support
Customized solutions, packaged solutions and priority support
available on request
Received on Wed Jan 09 2002 - 11:52:57 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:05:48 MST