Re: [squid-users] WCCPv2 and HTTPS problems

From: Adrian Chadd <[email protected]>
Date: Thu, 8 Nov 2007 07:49:15 +0900

On Wed, Nov 07, 2007, Alex Rousskov wrote:

> > The browser wraps up the SSL requests in a normal HTTP request ("CONNECT");
> > transparently intercepted SSL requests look like SSL and not like HTTP.
> > Squid knows about the former but not currently about the latter.
>
> Adrian,
>
> AFAIK, Squid can handle HTTPS requests in an accelerated environment
> setup, using https_port settings. If I configure Cisco to redirect https
> traffic to Squid https_port using WCCP, will Squid know how to decrypt
> the request?
>
> If yes, then SslBump should work, in principle, for WCCP/HTTPS
> interception. Testing this is on my to-do list, but I wanted to know
> whether you foresee any problems with this scheme (other than browser
> warnings that SslBump causes). Do you?

Nope, it should work - all it needs to do is take the original request
destination/port and use that (possibly) when forwarding the request.

> Alex.
> P.S. In my tests, SslBump already works for intercepting CONNECT
> requests.

Nice. :)

Adrian

-- 
- Xenion - http://www.xenion.com.au/ - VPS Hosting - Commercial Squid Support -
Received on Wed Nov 07 2007 - 15:46:12 MST

This archive was generated by hypermail pre-2.1.9 : Sat Dec 01 2007 - 12:00:02 MST