Re: [squid-users] HTTPS CONNECT issue

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Wed, 9 Jan 2002 20:15:00 +0100

On Wednesday 09 January 2002 16.17, Francis Turner wrote:

> If I want port 443 to be proxied transparently I have to add another
> httpd_accel_port line as well? [I tried this and it breaks the
> transparent proxy completely even for regular http]

You can't intercept port 443 using Squid. For SSL to be proxied the
browser must be configured to use the proxy.

Squid is a HTTP proxy. As such it must be accessed using HTTP clients. For
HTTP clients using it as a proxy it can provide gatewaying or relaying of
other protocols such as FTP, Gopher, SSL. SSL is not HTTP.

> Then as well as that I also need to add a couple of lines like
> never_direct deny localnet localhost
> never_direct allow all

These should probably read

always_direct allow localnet
never_direct allow all

> which should be placed below the "http_access deny all" line?

The relative order of http_access, never_direct and always_direct does not
matter. Only the ordering within each directive and that anything the
directive refers to must be defined above.

> I have also tried this with and without the above httpd_accel_port
> change and https doesn't work.

Probably because you are attempting the impossible.

-- 
MARA Systems AB, Giving you basic free Squid support
Customized solutions, packaged solutions and priority support
available on request
Received on Wed Jan 09 2002 - 12:15:18 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:05:48 MST