[squid-dev] Support forward unknown protocol using http port which redirected to squid
rousskov at measurement-factory.com
Fri Mar 17 14:55:13 UTC 2017
On 03/17/2017 01:06 AM, 钱国正 wrote:
> I am using squid as a transparent proxy in Router,
> redirecting data which destination port is 80 to squid,
> and it work fine for a long time, just days before, I found there is one
> case that will not make the mobile app not work.
> The case is the mobile app using 80 port with non-http nor https protocol.
> I have searched a lot on that and found an on_unsupported_protocol, but
> apparently, not for this case.
According to documentation, on_unsupported_protocol does support your
use case. If that support is broken, please consider fixing it (since
you are now posting to squid-dev and not squid-users).
The ConnStateData::mayTunnelUnsupportedProto() method may be relevant
here -- make sure it returns true for your use case (without breaking
other use cases). I suspect the condition in that method is currently
buggy because it does not seem to cover intercepted plain HTTP
connections where Squid ought to know the intended destination address:
> return Config.accessList.on_unsupported_protocol
> #if USE_OPENSSL
> ((port->flags.isIntercepted() && port->flags.tunnelSslBumping)
> || (serverBump() && pinning.serverConnection))
More information about the squid-dev