On Fri, Apr 25, 2008, Nick Duda wrote:
> I know what you're saying.....let me inspect the packets for a few minutes,
> maybe the https requests are also calling http images or something.....but
> yea, I know what you're saying :)

:P

As I said, it wouldn't be difficult to be a straight TCP proxy, with a little
bit of "wrapping" to allow it to be forwarded to an upstream proxy via CONNECT.
It's not as much as what Squid-3 can do but it's certainly enough for basic
ACLs, and it's a good starting point for other kinds of TCP data processing.

Adrian

> -----Original Message-----
> From: Adrian Chadd [mailto:[EMAIL PROTECTED]
> Sent: Friday, April 25, 2008 10:06 AM
> To: Nick Duda
> Cc: 'Adrian Chadd'; Squid-users
> Subject: Re: [squid-users] WCCP, Squid, ASA, HTTP redirect
>
> Hm. How is your squid caching HTTPS? :)
>
> Adrian
>
> On Fri, Apr 25, 2008, Nick Duda wrote:
> > We use our squid proxies for 2 things, one of them is minor and can be done
> > without if needed..
> >
> > 1.) We use Smartfilter on it. Content filtering.
> > 2.) Caching (obviously). The biggest thing we cache is an internal tool
> > that a callcenter we have uses. About 400 people bang on an IIS website
> > that lives in another remote site constantly. They bang on this via HTTPS
> > and we found that caching this content on the local squid proxy was saving
> > us about 3-4mb average traffic. A good portion of these requests are images
> > (decent size)
> >
> > -----Original Message-----
> > From: Adrian Chadd [mailto:[EMAIL PROTECTED]
> > Sent: Friday, April 25, 2008 9:56 AM
> > To: Nick Duda
> > Cc: 'Adrian Chadd'; Squid-users
> > Subject: Re: [squid-users] WCCP, Squid, ASA, HTTP redirect
> >
> > On Fri, Apr 25, 2008, Nick Duda wrote:
> > > So it looks like WCCP with an ASA (or some other Cisco WCCP2 supporting
> > > device) and Squid (v3?) can only do port 80 interception huh....blah
> >
> > Squid-3's support is for pulling apart an SSL stream into non-SSL and
> > re-encrypting it afterwards.
> >
> > You don't -have- to do that - it'd be mostly trivial to write a basic
> > TCP tunnel in Squid -just- for intercepting arbitrary TCP ports to do
> > basic ACLs (eg source/dest IP; throw request into a CONNECT to an upstream
> > proxy, etc) - but no one's written it for Squid-2.
> >
> > The big question is - why do you want to intercept port 443?
> >
> > Adrian
> >
> > > -----Original Message-----
> > > From: Adrian Chadd [mailto:[EMAIL PROTECTED]
> > > Sent: Thursday, April 24, 2008 11:53 PM
> > > To: Nick Duda
> > > Cc: Squid-users
> > > Subject: Re: [squid-users] WCCP, Squid, ASA, HTTP redirect
> > >
> > > On Thu, Apr 24, 2008, Nick Duda wrote:
> > > > I've googled and saw some stuff but nothing that I can really make
> > > > sense of.
> > > >
> > > > We have successfully designed (and it's working) 2 squid transparent
> > > > proxy servers, both WCCP to an ASA working as failover (if squid dies
> > > > on one proxy the other one starts taking the redirects from the ASA).
> > > > The only problem is that we can't figure out how to get HTTPS requests
> > > > redirected from the ASA to the proxy (using WCCP). Does anyone know how
> > > > this can happen? Do I need to use dynamics instead of standards for
> > > > WCCP? (I've tried, without success).
> > > >
> > > > I really can't imagine that all this WCCP with a web-cache can not work
> > > > with HTTPS (that would suck)
> > >
> > > Squid-2 doesn't support any form of HTTPS "interception".
> > >
> > > I could probably be twisted to implement a basic tunnel just for
> > > supporting intercepted requests (so you can do very basic ACL
> > > processing on them.)
> > >
> > > Adrian

--
- Xenion - http://www.xenion.com.au/ - VPS Hosting - Commercial Squid Support -
- $25/pm entry-level VPSes w/ capped bandwidth charges available in WA -
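
The decision logic of the tunnel discussed in this thread (a source/destination IP ACL, then wrapping the intercepted destination in a CONNECT to an upstream proxy), as an added example that is not code from Squid or from anyone in the thread. All function names and the ACL entries are hypothetical, and it assumes the interception layer has already recovered the connection's original destination address and port.

```python
import ipaddress

# Constructed ACL for illustration: (action, source net, destination net).
# First match wins; anything unmatched is denied.
ACL = [
    ("deny", "10.1.0.0/16", "192.0.2.66/32"),
    ("allow", "10.1.0.0/16", "0.0.0.0/0"),
]

def acl_allows(src_ip, dst_ip, rules=ACL):
    """Source/destination IP check, the only data a blind tunnel can see."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for action, src_net, dst_net in rules:
        if src in ipaddress.ip_network(src_net) and dst in ipaddress.ip_network(dst_net):
            return action == "allow"
    return False

def connect_request(dst_ip, dst_port):
    """Wrap the intercepted destination in a CONNECT for the upstream proxy."""
    if not 0 < dst_port < 65536:
        raise ValueError("port out of range")
    addr = ipaddress.ip_address(dst_ip)
    # IPv6 literals must be bracketed in the CONNECT target.
    host = f"[{addr}]" if addr.version == 6 else str(addr)
    target = f"{host}:{dst_port}"
    return f"CONNECT {target} HTTP/1.1\r\nHost: {target}\r\n\r\n".encode("ascii")

def upstream_accepted(reply_head):
    """True only if the upstream proxy answered the CONNECT with a 2xx status."""
    parts = reply_head.split(b"\r\n", 1)[0].split(None, 2)
    return (len(parts) >= 2 and parts[0].startswith(b"HTTP/")
            and len(parts[1]) == 3 and parts[1].isdigit() and parts[1][:1] == b"2")

def handle_intercepted(src_ip, dst_ip, dst_port):
    """Return the bytes to send upstream, or None when the ACL says drop."""
    if not acl_allows(src_ip, dst_ip):
        return None
    return connect_request(dst_ip, dst_port)
```

Because the payload stays encrypted end to end, the ACL here can only key on addresses and ports; URL-level filtering or caching of the HTTPS content is outside what such a tunnel can do.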
