[squid-users] iOS 10.x, https and squid

Yuri Voinov yvoinov at gmail.com
Tue Nov 1 19:12:29 UTC 2016 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
 


02.11.2016 0:47, Eugene M. Zheganin пишет:
> Hi.
>
> Does anyone have issues with iOS 10.x devices connecting through proxy
(3.5.x) to the https-enabled sites ? Because I do. Non-https sites work
just fine, but https ones just stuck on loading. First I thought that
this is a problem with sslBump and disabled it, but this didn't help. I
got in access log this:
>
> 1478024222.324     48 192.168.243.10 TCP_DENIED/407 4388 CONNECT
www.cisco.com:443 - HIER_NONE/- text/html
> 1478024222.373      0 192.168.243.10 TCP_DENIED/407 4649 CONNECT
www.cisco.com:443 - HIER_NONE/- text/html
> 1478024222.468     53 192.168.243.10 TCP_TUNNEL/200 0 CONNECT
www.cisco.com:443 emz HIER_DIRECT/2a02:26f0:18:185::90 -
>
> and when requesting http version:
>
> 1478024355.685     69 192.168.243.10 TCP_MISS/200 14297 GET
http://www.cisco.com/ emz HIER_DIRECT/2a02:26f0:18:19e::90 text/html
> 1478024355.885     47 192.168.243.10 TCP_MISS/304 335 GET
http://www.cisco.com/etc/designs/cdc/clientlibs/responsive/css/cisco-sans.min.css
emz HIER_DIRECT/2a02:26f0:18:19e::90 text/css
> 1478024355.910     45 192.168.243.10 TCP_REFRESH_UNMODIFIED/304 341
GET
http://players.brightcove.net/1384193102001/NJgI8K0ie_default/index.min.js
emz HIER_DIRECT/2.22.40.126 application/javascript
> 1478024355.942      0 192.168.243.10 TCP_DENIED/407 6611 GET
http://www.cisco.com/etc/designs/catalog/ps/clientlib-all/custom-fonts/cisco-sans.min.css
- HIER_NONE/- text/html
> 1478024355.969     60 192.168.243.10 TCP_MISS/304 335 GET
http://www.cisco.com/etc/designs/catalog/ps/clientlib-all/css/cisco-sans.min.css
emz HIER_DIRECT/2a02:26f0:18:19e::90 text/css
>
> [...lots of other access stuff...]
>
> Some may think "dude, you just misconfigured your squid". But the
thing is, other browsers just work (and I don't have MacBook to test if
laptops will), I have a couple of iPhones, they don't work. Funny thing:
with disabled authentication (when my iphone IP is allowed) the browser
on iOS loads https sites just fine.
Use interception proxy, Luke :) For iPhones :)
>
> Thanks.
>
> Eugene.
>
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users

- -- 
Cats - delicious. You just do not know how to cook them.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
 
iQEcBAEBCAAGBQJYGOkcAAoJENNXIZxhPexGmOUH/1zTdrYouHq0Ca+34IWSz07k
gP3bPhOWSnjIDmdI0emWmexzYyPeazLnLau7PwZ4EBwgAKgfZAADYCBtQt+B9ZKz
4zr1ETnV3QSYmd3RVt++BF1FyPiyexYDlvWuxkLrMOFm0E3V4gr786eaP872rhuN
RehPQMcGLahI440/KyCR+pxHd030qo6zWOHf+V1E2W+bkCOrQQAUjAe5rySbZHD1
x71kr3OeIptmt89Q9F9GuXLwtiUS+okbcIzVv6xT48RNAz1h7WEA6gqMYyJRxeqZ
2BSOlQ7ehj411KPNM1ipzP0CrCrfC+M5Qr0bpKZ4gsZOlKHxgOBLR5tC4aVyqlQ=
=hT2y
-----END PGP SIGNATURE-----

-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0x613DEC46.asc
Type: application/pgp-keys
Size: 2437 bytes
Desc: not available
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20161102/feaf6a5b/attachment.key>

More information about the squid-users mailing list