[squid-users] squid 4.5, can't download certificate?

Dmitry Melekhov dm at belkam.com
Wed Jan 23 04:40:10 UTC 2019


22.01.2019 19:51, Alex Rousskov пишет:
>
> It sounds like you misunderstood my questions. I will detail them below.
>
> I suspect that fff...fff comes from %>A (whether that %code comes from
> the default url_rewrite_extras in your configuration is unimportant).
>
> %>A is documented to to be a client FQDN. I am not sure, and this is not
> documented, but perhaps when the client IP address does not point back
> to a domain name, %>A should be a client IP address.
>
> For intermediate certificate downloading transactions, Squid does not
> have a client address because those transactions are not initiated by a
> client connection to Squid. They are generated internally by Squid. In
> such cases, Squid should be sending a dash (-), not 127.0.0.1, not
> fff...fff, not localhost, and not anything else that might be
> misinterpreted as a client IP address or domain name.
>
> I have not investigated why Squid does not send a dash, or what it would
> take to fix Squid, but it is likely that this will be eventually fixed
> because lying about client address is a bug. To plan the deployment of
> that future fix, it may be useful to know whether the redirector you use
> handles a dash value for %>A correctly. You may be able to test that by
> configuring url_rewrite_extras explicitly and replacing %>A with a dash.


Thank you for explanation, it is easier for me to contact rejik 
developer and ask him to pass traffic if client address is "-" as he 
already did for

fff...fff.  So, I'll inform him that such change is planned and he will be ready :-)

Thank you!




More information about the squid-users mailing list