LinuxQuestions.org
01-20-2008, 03:48 AM   #1
sci3ntist
Https Shorewall Problem


I configured shorewall and squid, and created two zones, and rules to bind http connections to squid, but I got a problem with https connections on port 443, and here is my rules config file:

# This is for squid and is working well
REDIRECT loc 3128 tcp - !192.168.0.254
# for https
ACCEPT loc net tcp https
ACCEPT net loc tcp https
ACCEPT net $FW tcp https
 
01-21-2008, 02:53 AM   #2
jimbo1954
Hmmm...think about what https is trying to do....it wants to set up an encrypted session between client and server, but you are trying to interpose a proxy between them....looks a bit like a "man-in-the-middle" attack to the https devices, so the session is not established. You need to tunnel the https, but beware, once tunnelled through squid, squid can't interpret any of the traffic or act on it, 'cos it can't see it "inside" the tunnel.

From the FAQ: http://www.comfsm.fm/computing/squid/FAQ-1.html#ss1.12

"As of version 2.5, Squid can terminate SSL connections. This is perhaps only useful in a surrogate (http accelerator) configuration. You must run configure with --enable-ssl. See https_port in squid.conf for more information.

Squid also supports these encrypted protocols by 'tunnelling' traffic between clients and servers. In this case, Squid can relay the encrypted bits between a client and a server.

Normally, when your browser comes across an https URL, it does one of two things:


The browser opens an SSL connection directly to the origin server.
The browser tunnels the request through Squid with the CONNECT request method.

The CONNECT method is a way to tunnel any kind of connection through an HTTP proxy. The proxy doesn't understand or interpret the contents. It just passes bytes back and forth between the client and server. For the gory details on tunnelling and the CONNECT method, please see RFC 2817 and Tunneling TCP based protocols through Web proxy servers (expired)."

RTFM. Google is your friend.
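
The difference described in the reply above, seen from the proxy's listening port, as an added example that is not part of the thread and not Squid's code: a browser configured to use the proxy opens https with a plain-text CONNECT line, while a port-443 connection that a firewall redirects to the proxy port arrives as a raw TLS ClientHello with no request line to parse. The function name, regexes and sample byte strings are assumptions constructed for illustration.

```python
# Added illustration, not Squid code. Sample byte strings are constructed.
import re

CONNECT_RE = re.compile(rb"^CONNECT ([A-Za-z0-9.\-]+):(\d{1,5}) HTTP/1\.[01]\r\n")
HTTP_RE = re.compile(rb"^(GET|HEAD|POST|PUT|DELETE|OPTIONS) (\S+) HTTP/1\.[01]\r\n")
TUNNEL_OK = b"HTTP/1.1 200 Connection established\r\n\r\n"

def classify_first_bytes(data: bytes) -> dict:
    """Describe a client's opening bytes as an HTTP proxy port would see them."""
    m = CONNECT_RE.match(data)
    if m:
        port = int(m.group(2))
        if not 0 < port < 65536:
            return {"kind": "malformed", "reason": "port out of range"}
        # After this reply the proxy only copies bytes; it never sees plaintext.
        return {"kind": "connect-tunnel", "host": m.group(1).decode(),
                "port": port, "reply": TUNNEL_OK}
    m = HTTP_RE.match(data)
    if m:
        return {"kind": "http-request", "method": m.group(1).decode(),
                "target": m.group(2).decode()}
    # TLS record header: type 0x16 (handshake), major version 0x03, 2-byte
    # length; the first handshake byte 0x01 means ClientHello.
    if len(data) >= 6 and data[0] == 0x16 and data[1] == 0x03 and data[5] == 0x01:
        return {"kind": "tls-clienthello",
                "reason": "raw TLS, no HTTP request line for the proxy to parse"}
    return {"kind": "unknown"}

# Constructed samples: (1) port-80 request redirected to the proxy,
# (2) browser explicitly configured to use the proxy for https,
# (3) port-443 connection redirected to the proxy (skeleton ClientHello).
SAMPLES = {
    "redirected http": b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n",
    "configured https": b"CONNECT example.com:443 HTTP/1.1\r\nHost: example.com:443\r\n\r\n",
    "redirected https": bytes.fromhex("160301002f0100002b0303") + b"\x00" * 41,
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:17} -> {classify_first_bytes(raw)}")
```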
 
  

