[squid-users] Connection to cache peer failed "SSL Transparent proxy'

Walid A. Shaari walid.shaari at linux.com
Thu Feb 7 03:11:12 UTC 2019 

Got it. Thank you Amos

On Thu, 7 Feb 2019, 03:47 Amos Jeffries <squid3 at treenet.co.nz wrote:

> On 7/02/19 8:03 am, Walid A. Shaari wrote:
> >
> > On Wed, 6 Feb 2019 at 05:53, Amos Jeffries wrote:
> >
> >     > ssl_bump peek step1
> >     >
> >     > ssl_bump splice  azure_sites azure_sites2 #Avoid bumping
> >     Microsoft/Azure
> >     > related sites
> >     >
> >
> >     The way ACLs work in Squid items on a line like "azure_sites
> >     azure_sites2" *both* have to match for the lines action to be used.
> >
> >     So the above line means all those domains except *.microsoft.com
> >     <http://microsoft.com> will
> >     *not* be spliced here even if a URL domain was available.
> >
> >
> > Sorry, I did not get that, is it because microsoft.com
> > <http://microsoft.com> is duplicated by mistake twice on both lines?
> >
>
> I mean the names which only occur in one of the two ACL checks will do
> possibly unwanted things. see the FAQ
> <https://wiki.squid-cache.org/SquidFaq/SquidAcl#Common_Mistakes> for
> details.
>
> For example; when the request is for "microsoftazurestack.com" the
> azure_sites2 part would be false. Which then means the splice is not done.
>
> The only domain(s) where both azure_sites AND azure_sites2 are
> matching/true are the *.microsoft.com names.
>
>
>
> That said, I do not see any reason why you have two ACLs in the first
> place. You could probably combine the two into one name and remove
> azure_sites2 entirely.
>
> PS. If the problem is line length for the list you can have multiple
> 'acl' lines adding different values to an ACL (like our default
> Safe_Ports does) so long as the type is identical.
>
> OR, you can also wrap config lines using a '\' right before the
> end-of-line CRLF and whitespace to start the wrapped line part. Like:
>
>  directive value1 value2 \
>    value3 \
>    value4
>
> OR, you could place the list in a file and have the ACL load the values
> from there.
> Amos
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20190207/e8e79ba8/attachment.html>

More information about the squid-users mailing list