>
> Hi Everyone,
>
> We have squid 2.5 setup and working beautifully as a transparent proxy.
> Our cisco firewall/router redirects the traffic outbound on port 80 to
> the squid box and it in turn is filtered and sent on its merry way.
>
> Our problem lies with the https traffic, which we are not rerouting at
> the cisco box because we realize that squid can't and shouldn't proxy
> that type of traffic. The problem is, on and off we seem to have
> reliability with our ssl connections. It appears to be an issue when a
> site redirects from an insecure to secure page, such as when you are
> checking out at an ecommerce site.
>
Transparent proxying has drawbacks, as mentioned in:
http://www.squid-cache.org/mail-archive/squid-users/200501/0012.html

Besides the points mentioned in there, there is another subtle issue to
mention:

Some sites may enforce extra steps in authenticating users over
secure 'links' (ssl); in the way that a connection is switched during
a 'logon' sequence from http to https (for instance); then the remote
webserver may check whether all connections come from the same ip and
reject users if they don't.

Now in your case subsequent http -> https connections may not come
from the same ip and hence the e-commerce site may refuse a login.

Check whether this works when the browser is configured to use
squid directly through proxy config mechanisms.

M.
Received on Wed Jan 19 2005 - 23:46:06 MST
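
The failure mode described in the reply above, modelled as an added example that is not part of the original thread. The addresses, the `Site` class and the assumption that the squid box and the firewall present different source addresses to the remote site are all constructed for illustration.

```python
# Added illustration; every name and address here is constructed.
from dataclasses import dataclass, field

SQUID_IP = "192.0.2.10"     # assumed egress address of the squid box
FIREWALL_IP = "192.0.2.1"   # assumed address for traffic that bypasses squid


def egress_ip(scheme: str, mode: str) -> str:
    """Source address the remote site sees for one request.

    "transparent": only port 80 is redirected to squid, HTTPS goes out
    directly through the firewall.
    "explicit": the browser is configured to use squid, so HTTPS is
    tunnelled through squid (CONNECT) as well.
    """
    if mode == "explicit":
        return SQUID_IP
    return SQUID_IP if scheme == "http" else FIREWALL_IP


@dataclass
class Site:
    """Remote site that binds a login session to the first address seen."""
    sessions: dict = field(default_factory=dict)

    def request(self, session_id: str, src_ip: str) -> bool:
        bound = self.sessions.setdefault(session_id, src_ip)
        return bound == src_ip  # False: address changed mid-session


def checkout(mode: str) -> list:
    """Browse over HTTP, then follow the redirect to HTTPS at checkout."""
    site = Site()
    steps = ["http", "http", "https"]
    return [site.request("sess-1", egress_ip(s, mode)) for s in steps]


if __name__ == "__main__":
    for mode in ("transparent", "explicit"):
        print(mode, checkout(mode))
```
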