powered by Jive Software

Squid does not like the admin gui via https

Hello!

All of our web traffice goes via a Squid proxy (super default installation without anything special), which resides on the very same linux box as openfire 3.3.

Everything is smooth but the admin gui via https: on port 9091 is not accessible when running over the Squid.

After five years of squid this is the very first site that I disvovered that does not work via our proxy and then it is one of our own services!

Tested with IE6 and Firefox 2.latest.

Just to let you know. For me it is not major as there is no need to connect to the local server via a proxy but it could bite somebody else.

Bye

Starry

Hi,

what do you mean with “not accessible”? A normal squid config allows HTTP CONNECT only to port 443 and forbids this to access to any other port. A browser uses HTTP CONNECT for https:// URL’'s, http://yourserver:9091/ should return you an octet-stream which tries to initiate an SSL connection.

LG

this to => this to

Hello!

Thanks for your reply!

Although I think I got a clue (= Squid allows by default https only on the default port of 443) I have to confess, that I did not understand what you were saying.

it2000 wrote:

Hi,

what do you mean with “not accessible”? A normal squid config allows HTTP CONNECT only to port 443 and forbids this to access to any other port. A browser uses HTTP CONNECT for https:// URL’'s, http://yourserver:9091/ should return you an octet-stream which tries to initiate an SSL connection.

  1. “…allows…only to port 443…” but this is only valid for httpS, as I am 100% sure I can also access port 80!

  2. What do you mean by “and fordbids this to access” ? What is “this” referring to?

Bye

Starry

Hi Starry,

fixed 2. which was a nice demonstration of a little bit of bad English.

@1. Yes you can connect to port 80 and you can also connect to port 9090. But you are using a normal HTTP GET/POST proxy request for his connection and not HTTP CONNECT.

If you “tail -f var/logs/access.log” you’'ll see that https://… browser requests will be logged with “CONNECT server:443” without the path information.

LG

Hello!

Thanks, now I got it completely.

Sidenote: More than likely one will find this *.log under /var/log/squid/…

Bye

Starry