[squid-users] HTTPS through http proxy

Amos Jeffries squid3 at treenet.co.nz
Tue Dec 6 00:04:33 UTC 2016



On 6/12/2016 6:40 a.m., Blaxton wrote:
> Hi
>
> So I understand that using connect method https connection can pass
> through http proxy but I am seeing strange behavior and thought someone
> here might help me to find the problem we are facing.
>
> I am using simple java app to test https connectivity through http proxy:
> http://alvinalexander.com/blog/post/java/simple-https-example
>
> If we run below command against squid running on RedHat:
> java -Dhttp.proxyHost=webcache.example.com -Dhttp.proxyPort=808 JavaHttpsExample
> connection fails, and Squid log file won't even log anything in log
> file.

That means you either have a very old Squid, or the transaction is not 
completed yet as far as Squid is aware. Transactions only get logged on 
completion, in this case when the CONNECT tunnel connection is closed by 
one of the remote endpoints (client or server). It is not uncommon to 
have tunnels stay open all day with HTTPS traffic going back and forward 
unseen.

The recent Squid releases log failed client connections that did not 
have any HTTP message received. So you can see if the failure happened 
before HTTP happened.

> but if we run:
> java -Dhttps.proxyHost=webcache.example.com -Dhttps.proxyPort=8080 JavaHttpsExample
> I get response and a line being recorded in log file.
> And now running the same app against different squid running on CentOS,
> I get response from both but nothing being logged with -Dhttp.proxyHost.

See above about logging time.

> Please help.
> If anyone has any tips or any simple app to test different aspect of
> https connectivity through squid please let me know.


You can also use recent squidclient tool if it has been built with 
GnuTLS support. Or curl with debug tracing. Or wireshark with packet 
captures if you know how.

Amos
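
A minimal probe for the CONNECT step discussed in this thread, added here as an example; it is not code from either poster or from the Squid project. The function and stage names are made up for this example. It reports whether a failure happened before any HTTP reply arrived or at the proxy's answer to CONNECT, and it closes the socket afterwards, which ends the tunnel (the point at which, per the reply above, Squid logs the transaction).

```python
import socket

def build_connect_request(host, port):
    """Return the CONNECT request a client sends to an HTTP proxy to open a tunnel."""
    target = f"{host}:{port}"
    return f"CONNECT {target} HTTP/1.1\r\nHost: {target}\r\n\r\n".encode("ascii")

def parse_status(head):
    """Return the integer status code from a response head, or None if it is not HTTP."""
    parts = head.split(b"\r\n", 1)[0].split(None, 2)
    if len(parts) < 2 or not parts[0].startswith(b"HTTP/") or not parts[1].isdigit():
        return None
    return int(parts[1])

def connect_exchange(sock, host, port, limit=65536):
    """Send CONNECT on an already connected socket and return (stage, status)."""
    head = b""
    try:
        sock.sendall(build_connect_request(host, port))
        # Read until the blank line that ends the proxy's response head.
        while b"\r\n\r\n" not in head and len(head) < limit:
            chunk = sock.recv(4096)
            if not chunk:
                break
            head += chunk
    except OSError:
        pass  # reset, timeout or early close: classify on what was received
    status = parse_status(head)
    if status is None:
        return ("no-http-reply", None)      # failed before any HTTP message came back
    if 200 <= status < 300:
        return ("tunnel-open", status)      # TLS would start on this socket next
    return ("connect-refused", status)      # proxy answered, but denied the tunnel

def probe(proxy_host, proxy_port, host, port=443, timeout=10.0):
    """Open a TCP connection to the proxy, attempt CONNECT, then close the tunnel."""
    try:
        sock = socket.create_connection((proxy_host, proxy_port), timeout=timeout)
    except OSError:
        return ("tcp-failed", None)         # never reached the proxy port at all
    with sock:                              # closing the socket ends the tunnel
        return connect_exchange(sock, host, port)

if __name__ == "__main__":
    import sys
    # usage: probe.py <proxy-host> <proxy-port> <target-host>
    print(probe(sys.argv[1], int(sys.argv[2]), sys.argv[3]))
```
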


