Adrian Chadd wrote:
On Wed, Nov 07, 2007, Dalibor Dukic wrote:
OK, but when I put proxy settings manually in browser even for SSL,
SQUID will just start passing data from client to server. I can't do
this with WCCP ?
No. The browser wraps up the SSL requests in a normal HTTP request ("CONNECT");
transparently intercepted SSL requests look like SSL and not like HTTP.
Squid knows about the former but not currently about the latter.
You should investigate the TPROXY Squid integration which, when combined
with a correct WCCPv2 implementation and compatible network design,
will allow your requests to look like they're coming from your client
IPs.
Does TPROXY functionality requires any modification to kernel code
especially netfilter part?
Yes.
I think this would solve the problems I facing with. I'll try this if
this is only solution and give info to group.
Good luck!
This issue appears to be a direct interception corrollary to the
SSL-bump recently sponsored for inclusion into squid3.1.
Perhapse with some additional sponsorship someone with SSL experience
will find the time to do the interception-tunnelling side of it.
Amos
