Re: SSL with Squid 2.2 Stable 5 with FreeBSD 3.4 - RELEASE

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Sun, 16 Jan 2000 00:48:55 +0100

Nielson Assa wrote:

> ###
> acl SSL_access url_regex ^https:// ^:443 ^:563 https:// :443 :563
> always_direct allow SSL_access
> cache_peer parent.proxy parent 3128 3130
> cache_peer_access parent.proxy deny SSL_access
> ###

A simpler and more appropriate config for forcing SSL to go direct would
be

always_direct allow CONNECT

The url_regeg https: does not make sense. Squid cannot see the URL of
SSL encrypted HTTP requests.

One thing to note which may be of importance is that most Netscape
browsers are buggy and the "Security Proxy" setting must be different
from the other proxies, or things may fail if you make a quick
transition from a http: to a https: site. When it fails you will se
https:// URLs in access.log, and messages about the fact in cache.log as
well.

--
Henrik Nordstrom
Squid hacker
Received on Sat Jan 15 2000 - 21:03:17 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:50:25 MST