[squid-users] Squid 4.x: Intermediate certificates downloader
Alex Rousskov
rousskov at measurement-factory.com
Tue Jan 24 18:16:48 UTC 2017
On 01/24/2017 10:48 AM, Yuri Voinov wrote:
> It seems 4.0.17 tries to download certs but gives deny somewhere.
> However, same URL with wget via same proxy works
> Why?
Most likely, your http_access or similar rules deny internal download
transactions but allow external ones. This is possible, for example, if
your access rules use client information. Internal transactions (ESI,
missing certificate fetching, Cache Digests, etc.) do not have an
associated client.
The standard denial troubleshooting procedure applies here: Start with
finding out which directive/ACL denies access. I am _not_ implying that
this is easy to do.
HTH,
Alex.
More information about the squid-users
mailing list