squid and https URLs

I have installed squid as a non-transparent proxy/cache server with --enable-ssl configuration. It is a child of a parent proxy server proxy1.ut.ac.ir.

Everything is OK for HTTP URLs, but any HTTPS URL is responded by a 404 Server not found (for example for Gmail or https://www.google.com).

This is the access.log entries for opening www.gmail.com:

1279493581.278    544 127.0.0.1 TCP_MISS/302 1136 GET http://mail.google.com/mail/ - DEFAULT_PARENT/proxy1.iut.ac.ir text/html
1279493581.283      0 127.0.0.1 TCP_MISS/404 0 CONNECT www.google.com:443 - DIRECT/- -

And squid in terminal says:

2010/07/18 18:52:27| ipcacheParse: No Address records in response to 'www.google.com'

Here is the squid.conf:

http_port 3128

http_access allow all

cache_peer proxy1.ut.ac.ir parent 3128 0 no-query default no-digest no-netdb-exchange

cache_dir ufs /usr/local/squid/var/cache 100 16 256
coredump_dir /usr/local/squid/var/cache

There is no problem when i set proxy1.ut.ac.ir as the proxy server in browsers so there is nothing wrong in parent proxy server.


Solution 1:

It looks like the server hosting squid can't resolve the name "www.google.com", to me.

The second line in your access.log sample is telling you that squid isn't sending the request to the parent cache, but rather is attempting a direct connection to "www.google.com" (the DIRECT/- is the tip-off). If you want CONNECT requests to be sent to the parent cache, add the never_direct allow CONNECT directive to your squid.conf file and you'll be in business.