Re: [squid-users] WCCP, Squid, ASA, HTTP redirect

From: Adrian Chadd <[email protected]>
Date: Fri, 25 Apr 2008 21:56:23 +0800

On Fri, Apr 25, 2008, Nick Duda wrote:
> So it looks like WCCP with an ASA (or some other Cisco WCCP2 supporting device) and Squid (v3?) can only do port 80 interception huh....blah

Squid-3's support is for pulling apart an SSL stream into non-SSL and
re-encrypting it afterwards.

You don't -have- to do that - it'd be mostly trivial to write a basic
TCP tunnel in Squid -just- for intercepting arbitrary TCP ports to do
basic ACLs (eg source/dest IP; throw request into a CONNECT to an upstream
proxy, etc) - but noone's written it for Squid-2.

The big question is - why do you want to intercept port 443?

Adrian

>
>
>
> -----Original Message-----
> From: Adrian Chadd [mailto:adrian@creative.net.au]
> Sent: Thursday, April 24, 2008 11:53 PM
> To: Nick Duda
> Cc: Squid-users
> Subject: Re: [squid-users] WCCP, Squid, ASA, HTTP redirect
>
> On Thu, Apr 24, 2008, Nick Duda wrote:
> > I've googled and saw some stuff but nothing that I can really make sense of.
> >
> > We have successfully designed (and its working) 2 squid transparent proxy servers, both WCCP to an ASA working as failover (if squid dies on one proxy the other one starts taking the redirects from the ASA). The only problem is that we cant figure out how to get HTTPS requests redirected from the ASA to the proxy (using WCCP). Does anyone know how this can happen? Do I need to use dynamic's instead of standards for WCCP? (Ive tried, without success).
> >
> > I really cant imagine that all this WCCP with a web-cache can not work with HTTPS (that would suck)
>
> Squid-2 doesn't support any form of HTTPS "interception".
>
> I could probably be twisted to implement a basic tunnel just for supporting
> intercepted requests (so you can do very basic ACL processing on them.)
>
>
>
> Adrian
>
> --
> - Xenion - http://www.xenion.com.au/ - VPS Hosting - Commercial Squid Support -
> - $25/pm entry-level VPSes w/ capped bandwidth charges available in WA -

-- 
- Xenion - http://www.xenion.com.au/ - VPS Hosting - Commercial Squid Support -
- $25/pm entry-level VPSes w/ capped bandwidth charges available in WA -
Received on Fri Apr 25 2008 - 13:45:26 MDT

This archive was generated by hypermail 2.2.0 : Thu May 01 2008 - 12:00:04 MDT