Re: [squid-users] WCCPv2 and HTTPS problems

From: Hemant Raj Chhetri <[email protected]>
Date: Fri, 09 Nov 2007 09:14:58 +0600

On Fri, 09 Nov 2007 00:04:46 +0100
  Dalibor Dukic <dalibor.dukic@gmail.com> wrote:
> Hi Tek,
>
> On Thu, 2007-11-08 at 13:09 +0545, Tek Bahadur Limbu
>wrote:
>> Hi Dalibor,
>>
>> Dalibor Dukic wrote:
>> > On Wed, 2007-11-07 at 17:15 +0545, Tek Bahadur Limbu
>>wrote:
>> >> Hi Adrian,
>> >>
>> >> Adrian Chadd wrote:
>> >>> On Wed, Nov 07, 2007, Hemant Raj Chhetri wrote:
>> >>>
>> >>>> Hi Adrian,
>> >>>> I am also facing the same problem with
>>https
>> >>>> sites. Yahoo works fine with me but I am having
>>problem
>> >>>> with hotmail. Please advice me on how do I handle
>>this or
>> >>>> is there any guide which I can refer to.
>> >>> I don't know of an easy way to handle this, I'm
>>sorry. I know how I'd handle
>> >>> it in Squid-2.6 but it'd require a couple weeks of
>>work and another few weeks
>> >>> of testing.
>> >> I have 2 FreeBSD-6.2 transparent Squid proxies using
>>WCCP2 with a Cisco
>> >> 3620 router. Up till now, I am not facing any HTTPS
>>problem. At least,
>> >> nobody is complaining about Hotmail and Yahoo web
>>mail services.
>> >
>> > Are clients on private address space? If You NATed
>>clients and squid on
>> > same address web server see just one address.
>>
>> My clients are all using public IP addresses.
>>
>> >
>> >>> (Considering how much of a problem this has caused
>>people in the past I'm
>> >>> surprised a solution hasn't been contributed back to
>>the project..)
>> >> Maybe, the solution lies on the setup of the
>>Operating System, Squid and
>> >> Router itself.
>> >
>> > I don't think so. HTTPS request are not forwarded to
>>squid box in
>> > web-cache service group only port HTTP.
>>
>> Yes I know that Squid does not handle HTTPS requests
>>which leads to
>> another question. If HTTPS does not go through Squid,
>>then does WCCP see
>> them or how does WCCP handle them if at all?
>>
>> We all know since the beginning when we started learning
>>and using Squid
>> that intercepting or transparent proxy servers will
>>cause some problems
>> down the way. In fact, all softwares will cause some
>>problems. Maybe
>> this is one of the problems.
>
> I totally agree with You, but I think that most problems
>with
> transparent proxy-ing with WCCP lies in cisco wccp
>implementation.
> Yesterday I move redirection point to Catalyst 6506
>(Version
> 12.2(18)SXD7bRELEASE SOFTWARE ) and for now everything
>looks good, even
> HTTPS. :)
> I hope it will stay like this.
>
>> In fact, I had been facing this Hotmail and Yahoo HTTPS
>>problem with
>> Squid-2.5 in the past. I can't remember exactly how I
>>got it solved. On
>> one occasion, routing solved the problem and in another
>>case, a firewall
>> modification solved the problem.
>>
>> Maybe the problem still exists now but somehow it has
>>not caught my
>> attention for which I am happy :)
>>
>> But sooner or later, I'm sure this problem will again
>>pop up on my
>> proxies too and users will be banging my phone! I guess
>>somebody or one
>> of us on this list has to do some really complete
>>analysis and study
>> using whatever tools is required to solve this problem
>>once and for all.
>>
>>
>> Thanking you...
>
>
> Best regards, Dalibor
>
>>
>> >
>> >> Thanking you...
>> >>
>> >>
>> >>>
>> >>>
>> >>> Adrian
>> >>>
>> >>
>> >
>> >
>> >
>> >
>>
>>
>

Hi All,
        There is no problem while browsing hotmail through
windows vista for me. If I use a different OS then I am
not able to login. Is there a way to bypass hotmail
through ipfw.

Thanking you all in advance.

Regards,
Hemant.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
This footer space is available to carry your advertisements unobtrusively. Please contact 02-3226999 or email webmaster@druknet.bt for advertisement programs available.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Received on Thu Nov 08 2007 - 20:15:26 MST

This archive was generated by hypermail pre-2.1.9 : Sat Dec 01 2007 - 12:00:02 MST