[squid-users] iOS 10.x, https and squid

Eugene M. Zheganin emz at norma.perm.ru
Tue Nov 1 18:47:08 UTC 2016


Does anyone have issues with iOS 10.x devices connecting through proxy 
(3.5.x) to the https-enabled sites ? Because I do. Non-https sites work 
just fine, but https ones just stuck on loading. First I thought that 
this is a problem with sslBump and disabled it, but this didn't help. I 
got in access log this:

1478024222.324     48 TCP_DENIED/407 4388 CONNECT 
www.cisco.com:443 - HIER_NONE/- text/html
1478024222.373      0 TCP_DENIED/407 4649 CONNECT 
www.cisco.com:443 - HIER_NONE/- text/html
1478024222.468     53 TCP_TUNNEL/200 0 CONNECT 
www.cisco.com:443 emz HIER_DIRECT/2a02:26f0:18:185::90 -

and when requesting http version:

1478024355.685     69 TCP_MISS/200 14297 GET 
http://www.cisco.com/ emz HIER_DIRECT/2a02:26f0:18:19e::90 text/html
1478024355.885     47 TCP_MISS/304 335 GET 
emz HIER_DIRECT/2a02:26f0:18:19e::90 text/css
1478024355.910     45 TCP_REFRESH_UNMODIFIED/304 341 GET 
emz HIER_DIRECT/ application/javascript
1478024355.942      0 TCP_DENIED/407 6611 GET 
- HIER_NONE/- text/html
1478024355.969     60 TCP_MISS/304 335 GET 
emz HIER_DIRECT/2a02:26f0:18:19e::90 text/css

[...lots of other access stuff...]

Some may think "dude, you just misconfigured your squid". But the thing 
is, other browsers just work (and I don't have MacBook to test if 
laptops will), I have a couple of iPhones, they don't work. Funny thing: 
with disabled authentication (when my iphone IP is allowed) the browser 
on iOS loads https sites just fine.



More information about the squid-users mailing list