[squid-users] Is it possible to send the connection, starting with the CONNECT, to cache-peer?

Yuri Voinov yvoinov at gmail.com
Fri Sep 18 16:48:51 UTC 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
 


18.09.15 21:22, Matus UHLAR - fantomas пишет:
> from earlier e-mail:
>
>> acl tor_url url_regex "C:/Squid/etc/squid/url.tor"
>
> On 17.09.15 18:47, Yuri Voinov wrote:
>> acl NoSSLIntercept ssl::server_name_regex -i localhost \.icq\.* kaspi\.kz
>> ssl_bump splice NoSSLIntercept
>
>> # Privoxy+Tor access rules
>> never_direct allow tor_url
>
>> cache_peer_access 127.0.0.1 allow tor_url
>
> I wonder if the never_direct and cache_peer_access should not use the same
> acl as "ssl_bump splice".
> Also, the regex \.icq\.* will apparently never match, there should be
"\.icq\..*" or simply "\.icq\."
This match ICQ.COM HTTP over 443 port.
>
> ...regex should match inside the server_name, correct?
> in such case apparently kaspi\.kz should be "kaspi\.kz$"
no. This must match kaspi\.ks.*
And this match.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
 
iQEcBAEBCAAGBQJV/EBzAAoJENNXIZxhPexGtjcH/jOOCtBpfW1KyqDrhZDyGCgF
oFPmwI0ZzyXgd0mzfgxfT1EvGGNFzHH9zLgSzx5uUz6ipwBKqmnTA6uqWkaORE5S
rClkoPF4xT3o4yEsvHU5Z6ZoL7xXEAbwsvgwhOolh/pAB1meW0ZXqZre+mrBGiaP
JOnXbjzls4Qy5CnzGzBUcPM9XVVMfcWF9oiobAct4CPmABeymxSkwGFW5zPMm/mA
XiggAc4ZuRzMI4iS7/sfP2LHxej1GH8QMGsXHL8VvWZz4MxaThIJk805PAdpRNiI
NyT+xE+W7GLuQvUu0IEsaM9fl7G47OeCgCERhD1Chwf2+uKW+ObbLWfLUFlaGwI=
=xiVd
-----END PGP SIGNATURE-----



More information about the squid-users mailing list