Re: [squid-users] https-proxying question

From: Henrik Nordstrom <[email protected]>
Date: Wed, 20 Apr 2005 02:27:42 +0200 (CEST)

On Tue, 19 Apr 2005, Joost de Heer wrote:

> cache_peer_access xxx.xxx.xxx.yyy allow HTTPS
> cache_peer_access xxx.xxx.xxx.yyy deny all
> cache_peer_access xxx.xxx.xxx.xxx deny HTTPS
> cache_peer_access xxx.xxx.xxx.xxx allow all
>
> But this isn't working: https-requests are still sent to the default parent.
>
> I assume it's possible to use an acl based on the CONNECT method, but why
> doesn't the above work as expected?

Correct.

This because proxied HTTPS requests is not using the HTTPS protocol
identifier to the proxy, only as a CONNECT method indicating that the
browser wishes to exchange some data with a server on a specific port.

Regards
Henrik
Received on Tue Apr 19 2005 - 18:27:44 MDT

This archive was generated by hypermail pre-2.1.9 : Sun May 01 2005 - 12:00:04 MDT