[squid-users] ssl-bump works, but leads to many client errors being logged (NONE_NONE/200)
slagauterie at hotmail.com
slagauterie at hotmail.com
Sun Dec 15 17:31:28 UTC 2024
Hello Rod,
Not an expert, but from my understanding it seems that your
NONE_NONE/200 are all related to a CONNECT. That means it is a SSL
Tunnel, which is the initial log of a HTTPS connection when doing
ssl_bumping.
It is normally followed by another "regular" log, where you can get
more information like protocole, Get or post, and URI, etc.
Bellow 2 examples from your access.log.
1) Here, you have a NONE_NONE/200 for the Tunnel, then a TCP_MISS/200
after bumping is performed:
14/Dec/2024:15:28:14 +0000 122 192.168.1.125 NONE_NONE/200 -/- 0
CONNECT 4chan.org:443 - HIER_DIRECT/4chan.org -
14/Dec/2024:15:28:14 +0000 239 192.168.1.125 TCP_MISS/200 -/- 4876
GET https://4chan.org/ - HIER_DIRECT/4chan.org text/html
2) Here, you have a NONE_NONE/200 for the Tunnel, then a
TCP_REFRESH_MODIFIED/200 after bumping is performed:
14/Dec/2024:15:28:17 +0000 105 192.168.1.125 NONE_NONE/200 -/- 0
CONNECT boards.4chan.org:443 - HIER_DIRECT/boards.4chan.org -
14/Dec/2024:15:28:17 +0000 117 192.168.1.125
TCP_REFRESH_MODIFIED/200 -/- 21264 GET https://boards.4chan.org/hr/ -
HIER_DIRECT/boards.4chan.org text/html
Regards,
Slag
Le samedi 14 décembre 2024 à 16:26 +0000, R a écrit :
> 14/Dec/2024:15:28:17 +0000 105 192.168.1.125 NONE_NONE/200 -/- 0
> CONNECT boards.4chan.org:443 - HIER_DIRECT/boards.4chan.org -
> 14/Dec/2024:15:28:17 +0000 117 192.168.1.125
> TCP_REFRESH_MODIFIED/200 -/- 21264 GET https://boards.4chan.org/hr/ -
> HIER_DIRECT/boards.4chan.org text/html
More information about the squid-users
mailing list