All of our web traffice goes via a Squid proxy (super default installation without anything special), which resides on the very same linux box as openfire 3.3.
Everything is smooth but the admin gui via https: on port 9091 is not accessible when running over the Squid.
After five years of squid this is the very first site that I disvovered that does not work via our proxy and then it is one of our own services!
Tested with IE6 and Firefox 2.latest.
Just to let you know. For me it is not major as there is no need to connect to the local server via a proxy but it could bite somebody else.
what do you mean with “not accessible”? A normal squid config allows HTTP CONNECT only to port 443 and forbids this to access to any other port. A browser uses HTTP CONNECT for https:// URL’'s, http://yourserver:9091/ should return you an octet-stream which tries to initiate an SSL connection.
Although I think I got a clue (= Squid allows by default https only on the default port of 443) I have to confess, that I did not understand what you were saying.
it2000 wrote:
Hi,
what do you mean with “not accessible”? A normal squid config allows HTTP CONNECT only to port 443 and forbids this to access to any other port. A browser uses HTTP CONNECT for https:// URL’'s, http://yourserver:9091/ should return you an octet-stream which tries to initiate an SSL connection.
“…allows…only to port 443…” but this is only valid for httpS, as I am 100% sure I can also access port 80!
What do you mean by “and fordbids this to access” ? What is “this” referring to?
fixed 2. which was a nice demonstration of a little bit of bad English.
@1. Yes you can connect to port 80 and you can also connect to port 9090. But you are using a normal HTTP GET/POST proxy request for his connection and not HTTP CONNECT.
If you “tail -f var/logs/access.log” you’'ll see that https://… browser requests will be logged with “CONNECT server:443” without the path information.