[squid-users] SSL Bump Failures with Google and Wikipedia [SOLVED]

Alex Rousskov rousskov at measurement-factory.com
Wed Oct 4 17:25:33 UTC 2017


On 09/30/2017 11:14 PM, Jeffrey Merkey wrote:
>> After reviewing this problem and all of the great technical
>> information folks provided, I have it working and I figured out the
>> best way to deal with this transparently allowing squid to remotely
>> spoof the server side with modified request headers.

Overall, the above is _not_ the best way to deal with the encoding
problem. The overall best way is for your eCAP or ICAP service to decode
virgin and encode adapted message bodies as needed. That way, your Squid
does not mangle client requests to lie about accepted encodings and your
service can handle cases where the origin server sends encoded messages
regardless of the request Accept headers.

Alex.


More information about the squid-users mailing list