RE: [squid-users] Transparent HTTP changes to HTTPS
Now only transparent proxy does not work.
You must do SNAT, so-called IP masquerade. Otherwise users will face so many
problems when doing SMS, mail checking on Hotmail, and some other sites
which need any other port connectivity rather than 80.
Or another solution is: don't use transparent proxy.
>From: "Pat Emerick"
>To: "Elsen Marc"
>Subject: RE: [squid-users] Transparent HTTP changes to HTTPS
>Date: Sat, 31 Jan 2004 12:25:52 -0600
>Marking packets is done by IPTables
>All port 80 traffic is sent to the proxy with a mark on it.
>Failure is observed when a user attempts to purchase online.
>Session starts at HTTP site then gets redirected on that site to an
>After a time the session fails - "Cannot not find server or DNS error"
>So, session is established and allowed then, in same session the port
>changes to 443.
>When this happens the session fails.
>Sometimes the user can refresh and/or go "back" then "forward" and the
>connection is restored.
>It feels like a cache problem? But not always.
> > Anyone suggest a solution?
> > Have:
> > Transparent proxy, single machine, cache & accel are on.
> > We mark HTTP packets at the gateway so they go the proxy.
> What do you mean by 'mark' ?
> Which software or whatever tool at the gateway does this ?
> So basic : how is this marking 'organized' ?
> > HTTPS are not
> > marked
> > Mark is removed when squidGuard passes them back to the gateway.
> > Have ACL CONNECT for HTTPS
> > Have httpd_accel_host virtual
> > Have httpd_accel_port 80
> > Have httpd_accel_single_host off
> > Have httpd_accel_with_proxy on
> > Have httpd_accell_uses_host_header on
> > All work great except when a HTTP url points or changes to a
> > HTTPS url.
> When it does not work ?
> How is this observed ?
> Which errors e.g. are seen ?
> > Direct HTTPS goes, no problem.
> > Thank you,
> > Pat
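As an added example (not from the thread or from the Squid project), here is a check over `iptables-save` output for the gateway layout discussed above: port 80 marked for the proxy, HTTPS left unmarked, and SNAT/masquerade for traffic that bypasses the proxy. The interface names `eth0` and `eth1`, the mark value and both sample dumps are constructed assumptions.

```shell
#!/bin/sh
# Added example. Reads iptables-save text on stdin and checks the gateway
# layout from this thread. Only plain "--dport N" matches are recognised.
# Usage: iptables-save | audit_gateway WAN_IF
audit_gateway() {
  awk -v wan="$1" '
    /^\*/ { table = substr($0, 2); next }   # table header: *mangle, *nat, ...
    /^-A / {
      # A rule diverts traffic to the proxy if it marks (mangle) or redirects (nat)
      divert = (table == "mangle" && /-j MARK/) || (table == "nat" && /-j (REDIRECT|DNAT)/)
      if (divert && /--dport 80( |$)/)  http = 1
      if (divert && /--dport 443( |$)/) https = 1
      # Source NAT on the WAN side for traffic that bypasses the proxy
      if (table == "nat" && /^-A POSTROUTING/ && /-j (MASQUERADE|SNAT)/ && index($0, "-o " wan " "))
        snat = 1
    }
    END {
      print (http  ? "OK: port 80 is diverted to the proxy" : "WARN: port 80 is not diverted")
      print (https ? "FAIL: port 443 is diverted, the thread leaves HTTPS unmarked" : "OK: port 443 bypasses the proxy")
      print (snat  ? "OK: SNAT/MASQUERADE present on " wan : "FAIL: no SNAT/MASQUERADE on " wan)
      exit (https || !snat)
    }'
}

# Constructed sample: port 80 is marked but nothing is source-NATed
SAMPLE_BAD='*mangle
-A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j MARK --set-mark 0x1
COMMIT
*nat
COMMIT'

# Constructed sample: same marking plus masquerade on the WAN interface
SAMPLE_GOOD='*mangle
-A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j MARK --set-mark 0x1
COMMIT
*nat
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT'

printf '%s\n' "$SAMPLE_BAD"  | audit_gateway eth0 || true
printf '%s\n' "$SAMPLE_GOOD" | audit_gateway eth0 || true
```

The function exits non-zero when port 443 is diverted or when no source NAT rule exists on the given WAN interface, so it can gate a ruleset change.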