Rakesh Jha wrote:
Hi,
I have the following scenario -

Client-->squid--->Proxy--->Stateful Inspection--> Squid Parent-------->ISP2
                 Firewall       Firewall               |   (two NIC config)
                                                       |
                                                       |-->ISP1

From Squid I am contacting the parent squid at tcp port 3128 and it is
allowed through both firewalls. This arrangement works perfectly for
http traffic but I cannot log in to hotmail or go to sites with
https.
The idea behind this is that I want to use the second ISP without
complicating my configuration. The HTTP traffic goes perfectly through
ISP2 but I have a problem with HTTPS. When I change never_direct to
always_direct, https works but then it is not using ISP2. Any help?

I would have to guess this is related to how you are balancing the traffic between the two NICs on the parent Squid. Many HTTPS services don't like a connection to bounce between two client IPs. I'd suggest biasing your HTTPS traffic to one ISP (either by using tcp_outgoing_address in the parent Squid configuration file, or by the routing rules on the box) and see if that fixes things.

For using ISP1 I have another squid box which has a default route to the Proxy
firewall. My squid.conf on the client side squid proxy is as follows -

acl bb-itsup src 10.10.56.0/255.255.255.0
acl CONNECT method CONNECT
acl all src 0.0.0.0/0.0.0.0
never_direct allow bb-itsup
never_direct allow CONNECT

Or you could eliminate this never_direct line which would allow CONNECT requests to bypass the parent proxy, while pushing all other requests through it.

http_access allow localhost
http_access allow bb-itsup
#always_direct allow bb-itsup
http_access deny all

Thanks & regards,

Rakesh

Chris
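
The two suggestions from the reply above, written out as squid.conf fragments. This is an added example, not configuration from either poster; 192.0.2.10 is a constructed placeholder for whichever parent-Squid address faces the chosen ISP, and the explicit never_direct deny rule is an assumption about how to exempt CONNECT when a source ACL such as bb-itsup would otherwise still match it.

```conf
# --- Parent Squid (two NIC config) ---
# Option 1: send every CONNECT (HTTPS tunnel) out from one fixed source
# address, so the remote site always sees the same client IP.
# 192.0.2.10 is a placeholder, not an address from the thread.
acl CONNECT method CONNECT
tcp_outgoing_address 192.0.2.10 CONNECT

# --- Client-side Squid ---
# Option 2: stop forcing CONNECT through the parent.
# Access rules are evaluated in order and the first match wins.
# bb-itsup is a src ACL, so it also matches CONNECT requests coming
# from 10.10.56.0/24; the CONNECT exemption therefore goes first.
acl bb-itsup src 10.10.56.0/255.255.255.0
acl CONNECT method CONNECT
never_direct deny CONNECT
never_direct allow bb-itsup
```

With option 2, HTTPS leaves by the client-side Squid's own default route instead of the parent, which is the same path the always_direct test in the original message used.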
