RE: [squid-users] ACL processing in Squid 3.2

From: Jenny Lee <bodycare_5_at_live.com>
Date: Sat, 18 Aug 2012 17:43:01 +0000

nonhierarchical_direct off
Jenny
> Date: Sat, 18 Aug 2012 18:31:14 +0100
> From: a.farr_at_ntlworld.com
> To: squid-users_at_squid-cache.org
> Subject: [squid-users] ACL processing in Squid 3.2
>
> I may be missing something here, but it looks like ACL processing is
> broken for at least some HTTPS requests in 3.2.
>
> Example configuration:
>
> acl useparent dstdomain domain.com
>
> cache_peer 172.25.2.70 parent 8080 0 no-query name=parent01
> connection-auth=off
>
> cache_peer_access parent01 allow useparent
> cache_peer_access parent01 deny all
>
> # Included to see if it made any difference
> always_direct deny useparent
> always_direct allow all
>
> Access over HTTP goes to the parent as expected, but HTTPS assess does not:
>
> 1345310649.623 644 10.0.0.1 TCP_MISS/200 8055 GET
> http://www.domain.com/ - FIRSTUP_PARENT/172.25.2.70 text/html
> 1345310544.835 8536 10.0.0.1 TCP_MISS/200 3580 CONNECT
> www.domain.com:443 - HIER_DIRECT/172.25.2.34 -
>
> Also tried adding:
> cache_peer_access parent01 allow CONNECT useparent
> but it made no difference.
>
> Build options:
> Squid Cache: Version 3.2.1
> configure options: '--prefix=/usr/local/squid'
> '--infodir=/usr/local/info' '--mandir=/usr/local/man'
> '--enable-async-io' '--enable-removal-policies=heap,lru'
> '--disable-wccp' '--disable-wccpv2' '--disable-ident-lookups'
> '--enable-linux-netfilter' '--with-large-files' '--disable-snmp'
> '--disable-htcp' '--disable-ipv6' 'CFLAGS=-pipe -Wall -O2
> -fomit-frame-pointer -march=native -s' 'CXXFLAGS=-pipe -Wall -O2
> -fomit-frame-pointer -march=native -s'
> 'PKG_CONFIG_PATH=/usr/local/lib64/pkgconfig:/usr/lib64/pkgconfig'
>
> Any suggestions, or this a bug in 3.2?
>
> Andrew
>
>
Received on Sat Aug 18 2012 - 17:43:07 MDT

This archive was generated by hypermail 2.2.0 : Sat Aug 18 2012 - 12:00:03 MDT