[squid-users] Is it possible to send the connection, starting with the CONNECT, to cache-peer?
Yuri Voinov
yvoinov at gmail.com
Tue Sep 15 17:45:05 UTC 2015
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
I want to get the answer the people who did it. And not those that
suggest that they could do it.
15.09.15 23:42, Matus UHLAR - fantomas пишет:
>>> On 15.09.15 22:45, Yuri Voinov wrote:
>>>> Does anyone know - is it possible to send the connection, starting with
>>>> the CONNECT, to cache-peer?
>
>> 15.09.15 23:17, Matus UHLAR - fantomas пишет:
>>> cache_peer_access with proper ACLs should do that.
>>> note that always_direct can avoid it.
>
> On 15.09.15 23:33, Yuri Voinov wrote:
>> Squid working in transparent SSL Bump mode.
>>
>> AFAIK, here is SSL decrypts. AFAIK, decrypted tunnel denied to be
>> forwarded to parent.
>>
>> I need to forward some URLs without decryption to peer. Whole session
>> starting with CONNECT.
>>
>> Problem: Peer must accepts both HTTP and HTTPS connections. Yes, there
>> is Privoxy, which can tunnel CONNECT. How to tell Squid - "Forward this
>> URL and this URL into peer, whenever HTTP or HTTPS"?
>
> disable sslbump (enable "splice") with proper ACLs:
> http://www.squid-cache.org/Doc/config/ssl_bump/
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAEBCAAGBQJV+FkgAAoJENNXIZxhPexG6qMH/0FDG+TuZxeF2oLVPt/oKZSe
H80saCKW3eIgzvkclnLdCetrL0UGl+rmSvM53jrgqe6/x9NnTcapcpbeV2oxMAJv
mcbJ7QM4lJhBJHx3qyiZU0DuKGj9QM0DIoA6i3y8mgoiXNwc0D7DfmOwYrrk6BWw
fBHx3fazZ4DEnMRay+YuzOsdV7eV19Pc7TqnBRyyBfsoYXh9THxZRAXHBelKwPcu
9qvFQQ7wwiEhx+BBakSBwyc9BG1oHfZVQnLKdasalTkJqDYP0bYPVT1HNAvEF0JL
/K9ojVll4vbX8kWuWUArI5ZMLBx21sb3mjev+smB22/5/FKmm7EWNDYuHHjCyjY=
=MzgN
-----END PGP SIGNATURE-----
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20150915/cc4c425c/attachment.html>
More information about the squid-users
mailing list