[squid-users] Is it possible to send the connection, starting with the CONNECT, to cache-peer?

Amos Jeffries squid3 at treenet.co.nz
Mon Sep 21 19:15:02 UTC 2015


On 22/09/2015 6:25 a.m., Yuri Voinov wrote:
> 
> This is dig result:
> 
> ;; ANSWER SECTION:
> torproject.org.         3600    IN      A       93.95.227.222
> torproject.org.         3600    IN      A       154.35.132.70
> torproject.org.         3600    IN      A       86.59.30.40
> torproject.org.         3600    IN      A       82.195.75.101
> torproject.org.         3600    IN      A       38.229.72.16
> 
> This IP is banned. Completely. Outgoing packets are dropped by ISP.
> 
> So it is critical to forward ALL of the session, starting with the first
> packet, into Privoxy, and then to the Tor tunnel.
> 
> Otherwise session can't be established.
> 
> The problem enforces with HSTS onto torproject.org URL. Completely
> HTTPS. From first GET request.
> 
> This can be solved with Tor Browser itself, but I want to find a common
> solution.
> 
> This is very simple. The complete HTTPS session must be forwarded to the
> parent proxy as a whole, because the possibility of forwarding only HTTP
> is meaningless in an HSTS-enabled world.

HSTS is opt-out. Strip the *response* header on the first contact and it
disappears.

> 
> This is a feature request, Amos. Otherwise Squid lacks some critical
> functionality.
> 

Feature request implies something that is not supported being added.
CONNECT relay already is supported and works well for many others, just
apparently not for you.

 ... why?

Amos
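
The CONNECT relay to a parent proxy discussed in this message, as an added squid.conf illustration that is not part of the original post or of either poster's configuration. It assumes explicit-proxy clients that send CONNECT with no SSL-Bump in the path, Privoxy listening on its default 127.0.0.1:8118, and the hypothetical names `privoxy` and `tor_sites`.

```conf
# Added example: assumed setup, not taken from the thread.

# Parent proxy: Privoxy on its default listener 127.0.0.1:8118 (assumption).
# ICP port 0 + no-query: the parent does not speak ICP.
# no-digest: do not request cache digests from it.
cache_peer 127.0.0.1 parent 8118 0 no-query no-digest name=privoxy

# Destinations that must never be contacted directly
# (tor_sites is a hypothetical ACL name).
acl tor_sites dstdomain .torproject.org

# Send only the selected destinations to the parent.
cache_peer_access privoxy allow tor_sites
cache_peer_access privoxy deny all

# Forbid direct connections for these destinations, so plain HTTP requests
# and CONNECT tunnels alike are handed to the parent. If the parent is
# unreachable, Squid returns an error instead of falling back to a direct
# connection.
never_direct allow tor_sites
```

With this in place the parent sees the client's CONNECT request itself, so the TLS session is established through the tunnel and Squid opens no connection of its own to the destination.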

