[squid-users] Is it possible to send the connection, starting with the CONNECT, to cache-peer?

Antony Stone Antony.Stone at squid.open.source.it
Tue Sep 15 17:49:25 UTC 2015 

On Tuesday 15 September 2015 at 19:45:05, Yuri Voinov wrote:

> I want to get the answer the people who did it. And not those that
> suggest that they could do it.

I have a suggestion which I hope may help - show us a configuration you have 
tried, following the documentation, and tell us in what way it fails to work 
as expected - then we may be able to show you where the error is.

It's quite significant that in your original question, you did not mention you 
were using Squid in transparent SSL Bump mode, therefore the answer you 
received did not take this into account.

The more information you give us about what you want to achieve, what you've 
done so far, and what goes wrong, the more we are able to help you debug the 
problem.


Regards,


Antony.

> 15.09.15 23:42, Matus UHLAR - fantomas пишет:
> >>> On 15.09.15 22:45, Yuri Voinov wrote:
> >>>> Does anyone know - is it possible to send the connection, starting
> >>>> with the CONNECT, to cache-peer?
> >> 
> >> 15.09.15 23:17, Matus UHLAR - fantomas пишет:
> >>> cache_peer_access with proper ACLs should do that.
> >>> note that always_direct can avoid it.
> > 
> > On 15.09.15 23:33, Yuri Voinov wrote:
> >> Squid working in transparent SSL Bump mode.
> >> 
> >> AFAIK, here is SSL decrypts. AFAIK, decrypted tunnel denied to be
> >> forwarded to parent.
> >> 
> >> I need to forward some URLs without decryption to peer. Whole session
> >> starting with CONNECT.
> >> 
> >> Problem: Peer must accepts both HTTP and HTTPS connections. Yes, there
> >> is Privoxy, which can tunnel CONNECT. How to tell Squid - "Forward this
> >> URL and this URL into peer, whenever HTTP or HTTPS"?
> > 
> > disable sslbump (enable "splice") with proper ACLs:
> > http://www.squid-cache.org/Doc/config/ssl_bump/

-- 
I conclude that there are two ways of constructing a software design: One way 
is to make it so simple that there are _obviously_ no deficiencies, and the 
other way is to make it so complicated that there are no _obvious_ 
deficiencies.

 - C A R Hoare

                                                   Please reply to the list;
                                                         please *don't* CC me.

More information about the squid-users mailing list