[squid-users] Splice certain SNIs which served by the same IP
Christos Tsantilas
christos at chtsanti.net
Tue Feb 22 21:43:36 UTC 2022
On 22/2/22 9:45 μ.μ., Eliezer Croitoru wrote:
> Just To mention that once Squid is not splicing the connection it would have
> full control in the URL level.
Exactly.
For many HTTP2 sites the SNI does not provide enough info for
splicing/bumping decision.
The google sites is one of them. You can not safely bump google.com or
youtube.com and splice gmail.com. You have to weighing the risks and
probably splice all google sites including the gmail.com.
> I do not know the scenario but I have yet to have seen a similar case and
> it's probably because I am bumping
> almost all connections.
... and because squid while proxying uses HTTP/1.1 protocol not HTTP/2.
Regards,
Christos
>
> Eliezer
>
> ----
> Eliezer Croitoru
> NgTech, Tech Support
> Mobile: +972-5-28704261
> Email: ngtech1ltd at gmail.com
>
More information about the squid-users
mailing list