[squid-users] tcp_outgoing_address and HTTPS
Alex Rousskov
rousskov at measurement-factory.com
Tue Mar 20 15:35:51 UTC 2018
On 03/20/2018 05:11 AM, Michael Pro wrote:
> Question: how can we break the established channel (unpinn it) along
> the old route and establish a new channel along the new route, when we
> already know how.
Squid supports using multiple sequential connections for the same
from-client request, but not under the conditions you describe.
Moreover, the already supported cases are limited to simpler HTTP/TCP
failures. Complex code modifications would be required to support what
you want for HTTPS, but it is doable, and others have wanted a similar
"peek and then start from scratch" feature.
> I'm willing to pay a large price for traffic congestion in this case,
> since the goal justifies it.
Please note that some origin servers may have a different opinion about
this trade off: Some might view (repeatedly) terminated innocent
sessions as an attack and block all your traffic.
Alex.
More information about the squid-users
mailing list