[squid-users] HTTPS through http proxy
Amos Jeffries
squid3 at treenet.co.nz
Tue Dec 6 00:04:33 UTC 2016
On 6/12/2016 6:40 a.m., Blaxton wrote:
> Hi
>
> So I understand that using connect method https connection can pass
> through http proxy
> but I am seeing strange behavior and thought some one here might help
> me to find
> the problem we are facing.
>
> I am using simple java app to test https connectivity through http proxy:
> http://alvinalexander.com/blog/post/java/simple-https-example
>
> If we run below command agains squid running on RedHat:
> java -Dhttp.proxyHost=webcache.example.com -Dhttp.proxyPort=808
> JavaHttpsExample
> connection fails , and Squid log file won't even log any thing in log
> file.
That means you either have a very old Squid, or the transaction is not
completed yet as far as Squid is aware. Transactions only get logged on
completion, in this case when the CONNECT tunnel connection is closed by
one of the remove endpoints (client or server). It is not uncommon to
have tunnels stay open all day with HTTPS traffic going back and forward
unseen.
The recent Squid releases log failed client connections that did not
have any HTTP message received. So you can see if the failure happened
before HTTP happened.
> but if we run:
> java -Dhttps.proxyHost=webcache.example.com -Dhttps.proxyPort=8080
> JavaHttpsExample
> I get response and a line being recorded in log file.
> And now running the same app against different squid running on Centos,
> I get response from both but nothing being logged with -Dhttp.proxyHost.
see above about logging time.
> Please help.
> If any one has any tips or any simple app to test different aspect of
> https connectivity through squid please let me know.
You can also use recent squidclient tool if it has been built with
GnuTLS support. Or curl with debug tracing. Or wireshark with packet
captures if you know how.
Amos
More information about the squid-users
mailing list