Jeff, thank you for your kind support. The technical description of my setup follows, after comments on your reply. If I get your config change correct, you bypass the squid proxying by using kb.4d.com as a peer cache, right? Why do you do this? Were you able to verify my problem if you run your squid WITHOUT your additional lines? Passing SSL Traffic through squid worked seamlessly the last few years, so I did not take a close look on the documentation on that. I will do so, soon. TECHNICAL DESCRIPTION ====================== First, I have tested two diffrent Squid versions on my debian based proxy: 2.7STABLE3 and Version 3.0.STABLE8: proxy:/proxy/polipo# /usr/sbin/squid -v Squid Cache: Version 2.7.STABLE3 configure options: '--prefix=/usr' '--exec_prefix=/usr' '--bindir=/usr/sbin' '--sbindir=/usr/sbin' '--libexecdir=/usr/lib/squid' '--sysconfdir=/etc/squid' '--localstatedir=/var/spool/squid' '--datadir=/usr/share/squid' '--enable-async-io' '--with-pthreads' '--enable-storeio=ufs,aufs,coss,diskd,null' '--enable-linux-netfilter' '--enable-arp-acl' '--enable-epoll' '--enable-removal-policies=lru,heap' '--enable-snmp' '--enable-delay-pools' '--enable-htcp' '--enable-cache-digests' '--enable-underscores' '--enable-referer-log' '--enable-useragent-log' '--enable-auth=basic,digest,ntlm,negotiate' '--enable-negotiate-auth-helpers=squid_kerb_auth' '--enable-carp' '--enable-follow-x-forwarded-for' '--with-large-files' '--with-maxfd=65536' 'i386-debian-linux' 'build_alias=i386-debian-linux' 'host_alias=i386-debian-linux' 'target_alias=i386-debian-linux' 'CFLAGS=-Wall -g -O2' 'LDFLAGS=' 'CPPFLAGS=' proxy:/proxy/polipo# /usr/sbin/squid3 -v Squid Cache: Version 3.0.STABLE8 configure options: '--build=i486-linux-gnu' '--prefix=/usr' '--includedir=${prefix}/include' '--mandir=${prefix}/share/man' '--infodir=${prefix}/share/info' '--sysconfdir=/etc' '--localstatedir=/var' '--libexecdir=${prefix}/lib/squid3' '--disable-maintainer-mode' '--disable-dependency-tracking' '--srcdir=.' '--datadir=/usr/share/squid3' '--sysconfdir=/etc/squid3' '--mandir=/usr/share/man' '--with-cppunit-basedir=/usr' '--enable-inline' '--enable-async-io=8' '--enable-storeio=ufs,aufs,coss,diskd,null' '--enable-removal-policies=lru,heap' '--enable-delay-pools' '--enable-cache-digests' '--enable-underscores' '--enable-icap-client' '--enable-follow-x-forwarded-for' '--enable-auth=basic,digest,ntlm' '--enable-basic-auth-helpers=LDAP,MSNT,NCSA,PAM,SASL,SMB,YP,getpwnam,multi-d omain-NTLM' '--enable-ntlm-auth-helpers=SMB' '--enable-digest-auth-helpers=ldap,password' '--enable-external-acl-helpers=ip_user,ldap_group,session,unix_group,wbinfo_ group' '--with-filedescriptors=65536' '--with-default-user=proxy' '--enable-epoll' '--enable-linux-netfilter' 'build_alias=i486-linux-gnu' 'CC=cc' 'CFLAGS=-g -O2 -g -Wall -O2' 'LDFLAGS=' 'CPPFLAGS=' 'CXX=g++' 'CXXFLAGS=-g -O2 -g -Wall -O2' 'FFLAGS=-g -O2' The setup is: LAN -----> Squid ----> DSL Router ----> Internet The Squid setup is: proxy:~/# grep -v "#" /etc/squid/squid.conf| grep -v '^$' http_port 8080 icp_port 0 hierarchy_stoplist cgi-bin ? acl QUERY urlpath_regex cgi-bin \? no_cache deny QUERY maximum_object_size 100000 KB cache_dir ufs /proxy/cache 1500 128 256 cache_access_log /proxy/log/access.log cache_log /proxy/log/cache.log cache_store_log /proxy/log/store.log debug_options ALL,1 hosts_file /etc/hosts refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern . 0 20% 4320 acl all src 0.0.0.0/0.0.0.0 acl manager proto cache_object acl localhost src 127.0.0.1/255.255.255.255 acl to_localhost dst 127.0.0.0/8 acl purge method PURGE acl CONNECT method CONNECT http_access allow manager localhost http_access deny manager http_access allow purge localhost http_access deny purge http_access deny !Safe_ports http_access deny CONNECT !SSL_ports acl our_networks src 192.168.2.0/24 192.168.0.0/24 192.168.250.0/24 http_access allow our_networks http_access allow localhost http_access deny all http_reply_access allow all icp_access allow all cache_mgr webmaster@xxxxxxxxx logfile_rotate 5 coredump_dir /var/spool/squid There seems to be no magic.... There is one strange thing in my cache.log file when I enter http://kb.4d.com: 2009/05/04 07:19:22| ctx: exit level 0 2009/05/04 07:19:22| ctx: enter level 0: 'http://kb.4d.com/DAX/logout?sessionid=' 2009/05/04 07:19:22| WARNING: HTTP header contains NULL characters {Server: 4D_v11_SQL/11.4.0 Date: Mon, 03 May 2009 05:19:22 GMT Cache-Control: max-age=0, private, must-revalidate Connection: close Content-length: 178 Content-Type: text/xml Expires: ue, 04 May 99 05:19:22 GMT} > > Sig Pam: > > Hi Folks! > > > > I have the problem that squid obviously modifies web site > contents during > > transit. For example, using the web site http://kb.4d.com > through a squid > > proxy does not work (will not show the knowlegebase content). > > I added the config below to squid-3.0-stable14 here, it works fine. > > cache_peer 64.94.92.31 parent 80 0 no-query front-end-https=auto > originserver name=origin_3_1 > acl service_3 dstdomain kb.4d.com > cache_peer_access origin_3_1 allow service_3 > > How are you using squid for the site? with a reverse proxy? > what's the > squid version? > > > > > The same happens if I try to send data via https to the > german tax office > > (ELSTER - ELektronische STeuerERklärung). Sending tax > reports does'nt work > > through squid, but works with polipo. > > > > Passing https requests through Squid need additional config > like the SSL > certificate and private key. > You may double check squid.conf and logs for details. > > > > > Maybe somebody could point me to a good starting point to > fix the squid. As > > far as I know, squid should not do any content filtering ba > itself - or does > > it? > > > > YES Squid won't modify HTTP response body unless you specify > it to do that. > > -- > Jeff Pang > DingTong Technology > www.dtonenetworks.com > >