RE: [squid-users] Squid + WCCP + HTTPS Authentication Dilemma (Closed) from David Stout on 2004-03-22 (squid-users)

From: David Stout <d.stout@dont-contact.us>
Date: Mon, 22 Mar 2004 11:32:28 -0000

I just re-enabled the WCCP redirection on the router so I could take the
network capture and it worked. I can only assume a stale DNS record /
Firewall session problem was to blame.

Many thanks for the link Val. It confirmed what my original hypothesis
was :)

Regards

David Stout
Traffic Shapers
EMail : d.stout@trafficshapers.co.uk
Mobile: +44 (0) 7919 442023
WWW : http://www.trafficshapers.co.uk

-----Original Message-----
From: Valton Hashani [mailto:valton@ipko.org]
Sent: 22 March 2004 10:33
To: David Stout
Subject: Re: [squid-users] Squid + WCCP + HTTPS Authentication Dilemma

http://geocities.com/tukapr/slbtranscache.html

Valton Hashani

----- Original Message -----
From: "David Stout" <d.stout@trafficshapers.co.uk>
To: <squid-users@squid-cache.org>
Sent: Monday, March 22, 2004 10:46 AM
Subject: [squid-users] Squid + WCCP + HTTPS Authentication Dilemma

> Now before I get flamed, I am on a tight timeline and am also reading
> through the archives to try to find a solution, but I would appreciate

> any help I can get on this matter.
>
> We have a caching product that uses a Squid cache as it's main proxy
> (Stratacache) and on the recommendation of the manufacturer we have
> installed a Cisco Router to process the WWW traffic and redirect it to

> the cache using WCCP.
>
> This solution worked excellenty and performed really well.
>
> The problem came from the fact we could no longer connect to any
> websites requiring a HTTPS connection. No yahoo mail no hotmail would
> work. So originally I noticed that our firewall was sending HTTP
> traffic to the internet using it's management public IP address, and
> all HTTPS traffic was going via the NAT rules in the firewall. This
> would mean the web server would seen HTTP and HTTPS from different
> public IP's and close the connection. I have since corrected this
> minor issue so that the authenticating web servers will see the HTTP
> and HTTPS traffic from the same public IP address.
>
> I am unable to find out from the Cisco web site if the router is
> forwarding the HTTPS to the cache (I am installing a sniffer today so
> I'll get back to you on that).
>
> Now it stikes me as odd that this would happen on every WCCP + Squid
> install but there seems no immediate solution (I am trawling the
> archives as well though in case I missed it (although search didn't
> throw up too much)).
>
> Any help or advice would be appreciated.
>
> David Stout
> Traffic Shapers
> EMail : d.stout@trafficshapers.co.uk
> WWW : http://www.trafficshapers.co.uk
>
>
>
Received on Mon Mar 22 2004 - 04:31:22 MST

This archive was generated by hypermail pre-2.1.9 : Thu Apr 01 2004 - 12:00:02 MST