[squid-users] Is it possible to send the connection, starting with the CONNECT, to cache-peer?

Amos Jeffries squid3 at treenet.co.nz
Mon Sep 21 21:38:01 UTC 2015


On 22/09/2015 7:33 a.m., Yuri Voinov wrote:
> 
> Here is access log when using IE:
> 
> 1442863815.068    785 127.0.0.1 TCP_MISS/302 506 GET
> http://torproject.org/ - FIRSTUP_PARENT/127.0.0.1 text/html
> 1442863816.542 105231 127.0.0.1 TAG_NONE/200 0 CONNECT
> www.torproject.org:443 - HIER_DIRECT/2001:41b8:202:deb:213:21ff:fe20:1426 -
> 1442863821.899 105210 127.0.0.1 TAG_NONE/200 0 CONNECT
> www.torproject.org:443 - HIER_DIRECT/2001:41b8:202:deb:213:21ff:fe20:1426 -
> 
> and then timeout. Sometimes second connect goes to IPv4 address,
> sometimes IPv6.
> 
> When using Chrome/Firefox, session always starts from CONNECT 443 port.

Aha. I see what you mean. The HTTP response contains no HSTS header, but
redirects to https://. The response to the first HTTPS request then
contains HSTS.

Next details to look for is the peer-selection output and HTTP message
details:
 debug_options ALL,0 44,2 11,2


Amos


More information about the squid-users mailing list