secure connections

From: Stefan Bochnig <[email protected]>
Date: Tue, 8 Aug 2000 16:09:15 +0200

hi

being the good boy i am i've already studied(!) the archives and faq's.
still don't seem to work what should work.
problem:
i use squid V2.2Stbl5 (running on SUSE 6.4) to connect to the proxy of our
isp (VPN router connects to isp proxy with some firewall implementations).
http and ftp works fine. https crashes in ie 5.5, opera 4.01 just waits and
waits and netscape doesn't seem to work too.
ssl without squid (directly to the isp's proxy) works fine with all
browsers. ssl with squid directly to the origin server (over isdn dial-up,
not the vpn router) works fine too.
so neither the isp proxy nor squid seem to work incorrectly. only the
connection client-browser --> squid --> isp proxy --> internet fails.

copy of squid.conf (essentially)

http_port 3128
cache_peer ispproxy parent 8080 0 no-query default login=user:passwd
authenticate_program /usr/bin/ncsa_auth /etc/squidpasswd
connect_timeout 60 seconds

acl password proxy_auth REQUIRED
acl localnet src x.x.x.x-x.x.x.x/255.255.255.0
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443 563
acl Safe_ports port 21 80 443 563 70 210 901 1025-65535
acl SSL method CONNECT
acl denied_hosts dstdomain -i "/etc/noaccess.txt"
acl denied_phrases url_regex -i "/etc/nophrases.txt"

http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny SSL !SSL_ports
http_access deny denied_hosts
http_access deny denied_phrases
http_access allow password localnet
http_access deny all

never_direct allow all

cache_effective_user squid
cache_effective_group squid

copy of access.log

965730277.080 270 x.x.x.x TCP_MISS/302 772 GET
http://cipbrk.cdg.citibank.de/HomeBankingSec/StartSession.asp? anonym
DEFAULT_PARENT/ispproxyde text/html
965730277.132 46 x.x.x.x TCP_MISS/000 531 CONNECT
cipehb12.cdg.citibank.de:443 anonym DEFAULT_PARENT/ispproxy - #this is the
breaking point, ie quits completly, opera and netscape can't proceed to the
secured site

many words, few sense for me
anybody able to help me?
Received on Tue Aug 08 2000 - 08:24:36 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:54:46 MST