Re: [squid-users] Squid SSL Bump transparently CONNECT for another proxy from Jatin Bhasin on 2014-06-07 (squid-users)

From: Jatin Bhasin <jbhasin83_at_gmail.com>
Date: Sat, 7 Jun 2014 23:33:48 +1000

Hello,

1) PROXY2 is not configured to bump the traffic and I cannot remove it
from the set up.
2) PROXY2 is listening on port 3128. I have to intercept proxy port
because all the requests are going to PROXY2 on port 3128 and I have
to bump it.

Currently Client is connecting to PROXY2 and I cannot change
configuration on PROXY2 to bump the traffic neither I can remove it
from the netwrok setup.

So is this all possible?

Thanks,
Jatin

On Sat, Jun 7, 2014 at 11:24 PM, Antony Stone
<Antony.Stone_at_squid.open.source.it> wrote:
> On Saturday 07 June 2014 at 14:16, Jatin Bhasin wrote:
>
>> Hello,
>>
>> We have a test set up as below:
>>
>> Client <----> SQUID(PROXY1) <----> PROXY2 <-----> SERVER
>>
>> In the above set up Client browser is configured to point to PROXY2.
>> So client sends the CONNECT request to PROXY2.
>>
>> PROXY1 which is running SQUID is transparently detecting this CONNECTION.
>
> 1. Why are you using transparent intercept when the client is configured to
> connect to Proxy2? Why not just let the client connect, and have Proxy1
> ignore it?
>
> 2. What port number/s are you intercepting? You would normally use
> transparent intercept on ports 80/443, for example, whereas a client-proxy
> connection would be on 3128. Why intercept the proxy port, instead of just
> the HTTP port?
>
>> The goal is that PROXY1 should bump the SSL connection between client
>> and the PROXY2.
>
> What's the purpose of this? Why not just connect from the client to proxy2?
>
>> Hence, I believe that PROXY1 should send the CONNECT request to PROXY2
>> and then all the data transfers occurs between PROXY1 and PROXY2.
>> PROXY1 should then bump the traffic and send it to client.
>>
>> Is this possible? Please suggest the SQUID(PROXY1) configuration
>> settings to achieve this.
>
> Regards,
>
>
> Antony.
>
> --
> "Black holes are where God divided by zero."
>
> - Steven Wright
>
> Please reply to the list;
> please don't CC me.
Received on Sat Jun 07 2014 - 13:33:54 MDT

This archive was generated by hypermail 2.2.0 : Sat Jun 07 2014 - 12:00:04 MDT