[squid-users] Is it possible to send the connection, starting with the CONNECT, to cache-peer?
Yuri Voinov
yvoinov at gmail.com
Mon Sep 21 19:33:23 UTC 2015
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Here is access log when using IE:
1442863815.068 785 127.0.0.1 TCP_MISS/302 506 GET
http://torproject.org/ - FIRSTUP_PARENT/127.0.0.1 text/html
1442863816.542 105231 127.0.0.1 TAG_NONE/200 0 CONNECT
www.torproject.org:443 - HIER_DIRECT/2001:41b8:202:deb:213:21ff:fe20:1426 -
1442863821.899 105210 127.0.0.1 TAG_NONE/200 0 CONNECT
www.torproject.org:443 - HIER_DIRECT/2001:41b8:202:deb:213:21ff:fe20:1426 -
and then timeout. Sometimes second connect goes to IPv4 address,
sometimes IPv6.
When using Chrome/Firefox, session always starts from CONNECT 443 port.
22.09.15 1:23, Antony Stone пишет:
> On Monday 21 September 2015 at 21:20:19, Yuri Voinov wrote:
>
>> 22.09.15 1:15, Amos Jeffries пишет:
>>
>>> HSTS is opt-out. Strip the *response* header on the first contact and it
>>> disappears.
>>
>> I can't. Because first connection can't occur during ISP ban by IP.
>> First contact is never occurs.
>
> If first contact never occurs, HSTS doesn't apply. Client has no clue
that the
> server requires HTTPS.
>
>
> Antony.
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAEBCAAGBQJWAFuDAAoJENNXIZxhPexGZIQH/3dB40+ex5LlrEoHmGZI2+x3
GApcjHp6vVJ4d9wrYwWLL8OWbSoUwInlifDO7MUK2kUVqXtGcKA/D5IPIT+wWToH
pqhuimWuJLMWmfhWSEh02d60EhntxLWozrV9kA9XweFYeaccq9FDVs7N9CFDxQ/B
axXJuToNTg47OieLjpa3gdNrIw/ENogLwzxlvCVyUdMF9cur+2Tfw9aM8D7hXeP1
AYmVq442guJc4x7DB67SwoGKNk+upUnkjHWK9x8WIgwpt/hsDoe+F1V5hmHHCPzE
zixSZexV2xoPqOodwQ3o+pZaAQIinDMK/AUGDCM5a1QahozLsb5ST0vZBYk7mPs=
=Dy1o
-----END PGP SIGNATURE-----
More information about the squid-users
mailing list