On Fri, Apr 25, 2008, Nick Duda wrote: > So it looks like WCCP with an ASA (or some other Cisco WCCP2 supporting > device) and Squid (v3?) can only do port 80 interception huh....blah
Squid-3's support is for pulling apart an SSL stream into non-SSL and re-encrypting it afterwards. You don't -have- to do that - it'd be mostly trivial to write a basic TCP tunnel in Squid -just- for intercepting arbitrary TCP ports to do basic ACLs (eg source/dest IP; throw request into a CONNECT to an upstream proxy, etc) - but noone's written it for Squid-2. The big question is - why do you want to intercept port 443? Adrian > > > > -----Original Message----- > From: Adrian Chadd [mailto:[EMAIL PROTECTED] > Sent: Thursday, April 24, 2008 11:53 PM > To: Nick Duda > Cc: Squid-users > Subject: Re: [squid-users] WCCP, Squid, ASA, HTTP redirect > > On Thu, Apr 24, 2008, Nick Duda wrote: > > I've googled and saw some stuff but nothing that I can really make sense of. > > > > We have successfully designed (and its working) 2 squid transparent proxy > > servers, both WCCP to an ASA working as failover (if squid dies on one > > proxy the other one starts taking the redirects from the ASA). The only > > problem is that we cant figure out how to get HTTPS requests redirected > > from the ASA to the proxy (using WCCP). Does anyone know how this can > > happen? Do I need to use dynamic's instead of standards for WCCP? (Ive > > tried, without success). > > > > I really cant imagine that all this WCCP with a web-cache can not work with > > HTTPS (that would suck) > > Squid-2 doesn't support any form of HTTPS "interception". > > I could probably be twisted to implement a basic tunnel just for supporting > intercepted requests (so you can do very basic ACL processing on them.) > > > > Adrian > > -- > - Xenion - http://www.xenion.com.au/ - VPS Hosting - Commercial Squid Support > - > - $25/pm entry-level VPSes w/ capped bandwidth charges available in WA - -- - Xenion - http://www.xenion.com.au/ - VPS Hosting - Commercial Squid Support - - $25/pm entry-level VPSes w/ capped bandwidth charges available in WA -
