[squid-users] Is it possible to send the connection, starting with the CONNECT, to cache-peer?
Yuri Voinov
yvoinov at gmail.com
Wed Sep 16 15:42:43 UTC 2015
Sure.

I've tried all possible combinations.

Including this:

# SSL bump rules
sslproxy_cert_error allow all
acl DiscoverSNIHost at_step SslBump1
ssl_bump peek DiscoverSNIHost
acl NoSSLIntercept ssl::server_name_regex -i localhost \.icq\.*
ssl_bump splice NoSSLIntercept
ssl_bump bump all

# Privoxy+Tor access rules
never_direct allow CONNECT
never_direct allow tor_url
always_direct deny tor_url
always_direct allow all

# Local Privoxy is cache parent
cache_peer 127.0.0.1 parent 8118 0 no-query no-digest default
cache_peer_access 127.0.0.1 allow CONNECT
cache_peer_access 127.0.0.1 allow tor_url
cache_peer_access 127.0.0.1 deny all

The problem is:
I need to forward to the parent an AND combination of the CONNECT and tor_url ACLs.
Something like this:

# Privoxy+Tor access rules
never_direct allow CONNECT tor_url
never_direct allow tor_url
always_direct deny tor_url
always_direct allow all

# Local Privoxy is cache parent
cache_peer 127.0.0.1 parent 8118 0 no-query no-digest default
cache_peer_access 127.0.0.1 allow CONNECT tor_url
cache_peer_access 127.0.0.1 allow tor_url
cache_peer_access 127.0.0.1 deny all

But this also doesn't work.
I.e., most queries must go out via Squid, with SSL Bump if needed, but
selected URLs must go via cache_peer to Tor, both HTTP/HTTPS, and
HTTPS without bumping.
Can't understand how to achieve this.
16.09.15 21:34, Amos Jeffries wrote:
> On 17/09/2015 3:18 a.m., Yuri Voinov wrote:
>>
>> This:
>>
>> http://osdir.com/ml/web.squid.general/2003-04/msg00800.html
>>
>> does not work.
>
> Do you have always_direct rules that match the request(s)?
> or "nonhierarchical_direct on" ?
>
> The order of invocation is:
>
> nonhierarchical_direct (on means don't use peers for methods which are
> uncacheable)
>
> always_direct (allow means don't use peers at all)
>
> never_direct (allow means don't use DIRECT/ORIGINAL_DST)
>
> prefer_direct (on means use peers as last resort)
>
> cache_peer_access (deny means don't use this peer)
>
> Amos
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
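
Added example (not part of the original message and not Squid code): a simplified Python model of the always_direct, never_direct, cache_peer_access order from the quoted reply, run over both rule sets posted above. It assumes tor_url is a dstdomain-style ACL (the page does not define it), uses constructed hosts, and leaves nonhierarchical_direct and prefer_direct out.

```python
# Simplified model of the order quoted above; not Squid source code.
# Within one access-list line the ACL names are ANDed; lines are tried
# top-down and the first line whose ACLs all match decides.
TOR_DOMAINS = (".example.org",)   # constructed stand-in for the tor_url ACL

ACLS = {
    "all": lambda r: True,
    "CONNECT": lambda r: r["method"] == "CONNECT",
    "tor_url": lambda r: ("." + r["host"]).endswith(TOR_DOMAINS),
}

def check(rules, req):
    """Action of the first matching line, or None if no line matches."""
    for action, names in rules:
        if all(ACLS[n](req) for n in names):
            return action
    return None

def route(cfg, req):
    if check(cfg["always_direct"], req) == "allow":
        return "DIRECT"            # peers are not considered at all
    if check(cfg["never_direct"], req) == "allow":
        ok = check(cfg["cache_peer_access"], req) == "allow"
        return "PEER" if ok else "FAIL"   # no direct path, peer refused
    return "UNDECIDED"             # left to the directives not modelled here

ALWAYS = [("deny", ["tor_url"]), ("allow", ["all"])]
FIRST = {   # the rules posted as already tried
    "always_direct": ALWAYS,
    "never_direct": [("allow", ["CONNECT"]), ("allow", ["tor_url"])],
    "cache_peer_access": [("allow", ["CONNECT"]), ("allow", ["tor_url"]),
                          ("deny", ["all"])],
}
SECOND = {  # the "something like this" variant
    "always_direct": ALWAYS,
    "never_direct": [("allow", ["CONNECT", "tor_url"]), ("allow", ["tor_url"])],
    "cache_peer_access": [("allow", ["CONNECT", "tor_url"]),
                          ("allow", ["tor_url"]), ("deny", ["all"])],
}
REQUESTS = [  # constructed sample requests
    {"method": "CONNECT", "host": "www.example.org"},
    {"method": "GET", "host": "www.example.org"},
    {"method": "CONNECT", "host": "other.example.net"},
    {"method": "GET", "host": "other.example.net"},
]

def decisions(cfg):
    return [route(cfg, r) for r in REQUESTS]

if __name__ == "__main__":
    for name, cfg in (("first", FIRST), ("second", SECOND)):
        print(name, decisions(cfg))
```

In this model both rule sets route the four sample requests identically, and a CONNECT that does not match tor_url goes DIRECT because "always_direct allow all" matches before never_direct is consulted.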