[squid-users] Rewriting HTTP to HTTPS for generic package proxy
Amos Jeffries
squid3 at treenet.co.nz
Thu Jul 11 21:03:42 UTC 2024
On 11/07/24 00:49, Alex Rousskov wrote:
> On 2024-07-09 18:25, Fiehe, Christoph wrote:
>
>> I hope that somebody has an idea, what I am doing wrong.
>
> AFAICT from the debugging log, it is your parent proxy that returns an
> ERR_SECURE_CONNECT_FAIL error page in response to a seemingly valid
> "HEAD https://..." request. Can you ask their admin to investigate? You
> may also recommend that they upgrade from Squid v4 that has many known
> security vulnerabilities.
>
> If parent is uncooperative, you can try to reproduce the problem by
> temporarily installing your own parent Squid instance and configuring your
> child Squid to use that instead.
>
> HTH,
>
> Alex.
> P.S. Unlike Amos, I do not see serious conceptual problems with
> rewriting request target scheme (as a temporary compatibility measure).
> It may not always work, for various reasons, but it does not necessarily
> make things worse (and may make things better).
>
To which I refer you to:
<https://cwe.mitre.org/data/definitions/311.html>
<https://cwe.mitre.org/data/definitions/312.html>
<https://cwe.mitre.org/data/definitions/319.html>
Cheers
Amos