I know what your saying.....let me inspect the packets for a few minutes, maybe the https requests are also calling http images or something.....but yea, I know what your saying :)
-----Original Message----- From: Adrian Chadd [mailto:[EMAIL PROTECTED] Sent: Friday, April 25, 2008 10:06 AM To: Nick Duda Cc: 'Adrian Chadd'; Squid-users Subject: Re: [squid-users] WCCP, Squid, ASA, HTTP redirect Hm. How is your squid caching HTTPS? :) Adrian On Fri, Apr 25, 2008, Nick Duda wrote: > We use out squid proxies for 2 things, one of them is minor and can be done > without if needed.. > > 1.) We use Smartfilter on it. Content filtering. > 2.) Caching (obviously). The biggest thing we cache is an internal tool that > a callcenter we have uses. About 400 people bang on an IIS website that lives > in another remote site constantly. They bang on this via HTTPS and we found > that caching this content on the local squid proxy was saving us about 3-4mb > average traffic. A good portion of these requests are images (decent size) > > > > -----Original Message----- > From: Adrian Chadd [mailto:[EMAIL PROTECTED] > Sent: Friday, April 25, 2008 9:56 AM > To: Nick Duda > Cc: 'Adrian Chadd'; Squid-users > Subject: Re: [squid-users] WCCP, Squid, ASA, HTTP redirect > > On Fri, Apr 25, 2008, Nick Duda wrote: > > So it looks like WCCP with an ASA (or some other Cisco WCCP2 supporting > > device) and Squid (v3?) can only do port 80 interception huh....blah > > Squid-3's support is for pulling apart an SSL stream into non-SSL and > re-encrypting it afterwards. > > You don't -have- to do that - it'd be mostly trivial to write a basic > TCP tunnel in Squid -just- for intercepting arbitrary TCP ports to do > basic ACLs (eg source/dest IP; throw request into a CONNECT to an upstream > proxy, etc) - but noone's written it for Squid-2. > > The big question is - why do you want to intercept port 443? > > > > Adrian > > > > > > > > > -----Original Message----- > > From: Adrian Chadd [mailto:[EMAIL PROTECTED] > > Sent: Thursday, April 24, 2008 11:53 PM > > To: Nick Duda > > Cc: Squid-users > > Subject: Re: [squid-users] WCCP, Squid, ASA, HTTP redirect > > > > On Thu, Apr 24, 2008, Nick Duda wrote: > > > I've googled and saw some stuff but nothing that I can really make sense > > > of. > > > > > > We have successfully designed (and its working) 2 squid transparent proxy > > > servers, both WCCP to an ASA working as failover (if squid dies on one > > > proxy the other one starts taking the redirects from the ASA). The only > > > problem is that we cant figure out how to get HTTPS requests redirected > > > from the ASA to the proxy (using WCCP). Does anyone know how this can > > > happen? Do I need to use dynamic's instead of standards for WCCP? (Ive > > > tried, without success). > > > > > > I really cant imagine that all this WCCP with a web-cache can not work > > > with HTTPS (that would suck) > > > > Squid-2 doesn't support any form of HTTPS "interception". > > > > I could probably be twisted to implement a basic tunnel just for supporting > > intercepted requests (so you can do very basic ACL processing on them.) > > > > > > > > Adrian > > > > -- > > - Xenion - http://www.xenion.com.au/ - VPS Hosting - Commercial Squid > > Support - > > - $25/pm entry-level VPSes w/ capped bandwidth charges available in WA - > > -- > - Xenion - http://www.xenion.com.au/ - VPS Hosting - Commercial Squid Support > - > - $25/pm entry-level VPSes w/ capped bandwidth charges available in WA - -- - Xenion - http://www.xenion.com.au/ - VPS Hosting - Commercial Squid Support - - $25/pm entry-level VPSes w/ capped bandwidth charges available in WA -
