[squid-dev] [PATCH] Fix external_acl problems
Amos Jeffries
squid3 at treenet.co.nz
Mon Feb 1 14:23:28 UTC 2016
On 2/02/2016 2:32 a.m., Dave Lewthwaite wrote:
> Hi Christos,
>
> Sorry my apologies - I had my build env a bit mixed up. Anyway I’ve cleared that down and re-applied the patch - it’s all working now which is excellent news (http_port / CONNECT and https_port / transparent/intercept).
>
Hurrah! :-)
> For clarity -
>
> Reviewion: squid-4.0.4-20160111-r14487
> Patch applied cleanly with
> patch -p0 < ../cert_subject_gone-t4.patch
>
>
> It wouldn’t apply cleanly to the latest nightly.
>
> May be related - the %>ru field in the ACL is now logged as host:port for http_port/CONNECT and ip:port for https_port/transparent - is the ‘:port’ expected? If so then I will modify our external ACL to strip it off before performing comparison.
>
It should show what was received from the client.
CONNECT request is expected to have IP:port or host:port depending on
what info is available. Due to SNI intercepted port 443 traffic may be
either IP:port or sni:port on the synthetic CONNET request.
Other requests with URL scheme:// are expected to omit the :port if it
is the registered default port for that scheme (ie https:// means no
":443", http:// no ":80", ftp:// no ":21", etc) but otherwise always
include the :port.
> When are you targeting 4.0 to be released?
>
The next beta (4.0.5) should be out in the next few days.
4.1 (stable) will be out as soon as we have a 10 day period with no
major bugs existing and no new bugs being found. No certain timeline on
when that will occur.
Amos
More information about the squid-dev
mailing list