[squid-users] connect with http and https protocols
Matus UHLAR - fantomas
uhlar at fantomas.sk
Tue Apr 29 14:35:52 UTC 2025
On 29.04.25 08:54, Renzo Marengo wrote:
>When client uses CONNECT directive I understand that proxy establishes
>tunnel to destination host on specified port
>
>e.g.
>http://www.example.com:8888/test.php
>https://www.example.com:8888/test.php
>
>1. I don't understand if this occurs both in presence of http and https
>requests, The request (using CONNECT method) can be http or https ?
When you enter "http://www.example.com:8888/test.php" into your browser,
your browser asks proxy server for "http://www.example.com:8888/test.php"
- it delegates fetching the content to proxy.
When you enter "https://www.example.com:8888/test.php" to your browser, it
asks proxy server to "CONNET www.example.com:8888" and browser handles the
SSL negotiation and further communication itself.
This way, you can tunnel different protocols through the proxy, not just
HTTP (squid must be able to allow it, the destination ports are usually
restricted via "https_port" acl).
>2. if In both cases CONNECT method is invoked but how I can discover
>protocol (http, https) looking for inside access.log ?
>A.B.C.D TCP_TUNNEL/200 7085 CONNECT mtalk.google.com:5228 - HIER_DIRECT/
>142.251.18.188
>
>I see only info about destination host and port but no http/https protocol
>is referenced.
In this case, client A.B.C.D asked the proxy to "CONNECT
mtalk.google.com:5228" and the proxy fullfilled the request.
In case of CONNECT requests, the proxy has no idea what data flow through
the server. Afaik mtalk.google.com:5228 is used for google/firebase cloud
messaging.
--
Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
One OS to rule them all, One OS to find them,
One OS to bring them all and into darkness bind them
More information about the squid-users
mailing list