[squid-users] Re: HTTP/HTTPS transparent proxy doesn't work

From: agent_js03 <justinmschw_at_gmail.com>
Date: Mon, 18 Aug 2014 17:07:57 -0700 (PDT)

Hello Eliezer, thank you for your response.

I have examined the wireshark pcap of this transaction and will now provide
a more detailed run-through of what's going on. As a summary, the problem is
related to SSL; basically what's going on is I am requesting an SSL page,
the and the ICAP server is redirecting to a non-SSL (plain HTTP) page (just
by modifying the request URL). The connection appears to be getting reset as
the client tries to read SSL from the server.

*Here is the full ICAP request:*

REQMOD icap://127.0.0.1:13440/archangel ICAP/1.0
Host: 127.0.0.1:13440
Date: Mon, 18 Aug 2014 23:15:42 GMT
Encapsulated: req-hdr=0, null-body=575
Preview: 0
Allow: 204

GET
https://search.yahoo.com/search;_ylt=A2KLtgzZhPJT85QAm9ebvZx4?p=dog+biscuits&toggle=1&cop=mss&ei=UTF-8&fr=yfp-t-901&fp=1
HTTP/1.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:30.0) Gecko/20100101
Firefox/30.0
Host: search.yahoo.com
Cookie: B=c3lrj0t9v516p&b=3&s=90; HP=1
Via: 1.1 localhost (squid/3.2.11)
Surrogate-Capability: localhost="Surrogate/1.0 ESI/1.0"
X-Forwarded-For: 127.0.0.1
Cache-Control: max-age=0

*and here is the full ICAP response:*

ICAP/1.0 200 OK
Date: Mon, 18 Aug 2014 23:15:42 GMT
ISTag: i16FID6HcIdc9AbGie8d03f1Ij5dejcj
Encapsulated: req-hdr=0, null-body=545
Server: BaseICAP/1.0 Python/2.7.8

GET
http://192.168.1.145:8089/blockpage.php?category=Banned+URL+Regex&criteria=dog.%2Abiscuits
HTTP/1.1
via: 1.1 localhost (squid/3.2.11)
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate
x-forwarded-for: 127.0.0.1
accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
user-agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:30.0) Gecko/20100101
Firefox/30.0
host: search.yahoo.com
cookie: B=c3lrj0t9v516p&b=3&s=90; HP=1
cache-control: max-age=0
surrogate-capability: localhost="Surrogate/1.0 ESI/1.0"

The page 192.168.1.145:8089 is the local php blockpage. The banned URL regex
criteria is the regex dog.*biscuits.

I am not sure what is going on. Here is what works so far: if I do a reqmod
on a non-SSL page and it blocks, then it goes through OK. If I do a respmod
on either a non-SSL page or an SSL-page and feed the content back, it goes
through OK and I see the blockpage. The only thing that doesn't work is if I
do a reqmod and it tries to redirect me to the blockpage. And this only
happens with transparent proxying. When I have my server set up for a manual
proxy, it works fine; the blockpage shows up OK. Why would it behave
differently running as a transparent proxy?

--
View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/HTTP-HTTPS-transparent-proxy-doesn-t-work-tp4667193p4667254.html
Sent from the Squid - Users mailing list archive at Nabble.com.
Received on Tue Aug 19 2014 - 00:08:00 MDT

This archive was generated by hypermail 2.2.0 : Tue Aug 19 2014 - 12:00:05 MDT