squid?

Darin Perusich Darin.Perusich at cognigencorp.com
Thu Aug 14 15:26:51 EDT 2003 

there are about 30 https sites, all of which are test sites on our 
internal network.

Cyber Source wrote:
> just quickly because I am real busy but here is an excerpt from one of 
> my squid setups, it has no problem getting to https sites,
> acl all src 192.168.1.1/192.168.1.255
> acl manager proto cache_object
> acl localhost src 127.0.0.1/255.255.255.255
> acl SSL_ports port 443 563
> acl Safe_ports port 23 25 110 143 1024 1025-65535
> acl Safe_ports port 23
> acl Safe_ports port 1024
> acl Safe_ports port 80          # http
> acl Safe_ports port 21          # ftp
> acl Safe_ports port 443 563     # https, snews
> acl Safe_ports port 70          # gopher
> acl Safe_ports port 210         # wais
> acl Safe_ports port 1025-65535  # unregistered ports
> acl Safe_ports port 280         # http-mgmt
> acl Safe_ports port 488         # gss-http
> acl Safe_ports port 591         # filemaker
> acl Safe_ports port 777         # multiling http
> acl CONNECT method CONNECT
> 
> Is it just one site? or all https sites?
> 
> 
> On Thu, 2003-08-14 at 14:33, Darin Perusich wrote:
> 
>>does anyone have an experience proxying https with squid? i have a squid 
>>  running in httpd_accelerator mode and working great for http traffic 
>>but the https is not behaving correctly. when the request gets to squid 
>>it's doing "GET http://test.cognigencorp.com:443/" instead of "GET 
>>https://test.cognigencorp.com/".
>>
>>i've set things up so that you don't need to set any proxy settings in 
>>the browser, you just type in the url and go. i'm accomplishing this 
>>with split-horizon dns zones. i can explain this in more detail if 
>>anyone is interested.
>>
>>i've attached the squid.conf, the majority of these options are 
>>defaults. i've modified http_port, https_port, acl vpn_network, 
>>http_access, httpd_accel_host, httpd_accel_port, httpd_accel_with_proxy, 
>>and httpd_accel_uses_host_header.
>>
>>thanks
>>
> -- 
> Cyber Source <peter at thecybersource.com <mailto:peter at thecybersource.com>>
> 
> 


-- 
Darin Perusich
Unix Systems Administrator
Cognigen Corp.
darinper at cognigencorp.com

More information about the nflug mailing list