Thanks Amos. "nonhierarchical_direct off" works well for the case. and, The reason I use A as a brige to B is based on the bandwidth concern mainly, the direct connection from clients to B is not that enough. Thanks all. On Sat, Jan 14, 2012 at 2:03 PM, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote: > On 13/01/2012 4:03 p.m., Xizhen Du wrote: >> >> Hi all, >> >> I am quite new for squid, and now facing a case and no idea how to get it >> work. >> >> There's 2 proxies: >> >> Proxy A: nearly a default setup, just configured cache_peer to B >> Proxy B: as the parent for A, accepts the requests from A >> >> So the simple picture is that: Web clients ----> A ----> B, and it is >> supposed that all web requests(http, https) are leaving from B to the >> destionation servers. >> Web browser on clients is with proxy A(for all protocals in settings >> including https) >> >> Right now seeing all "http" request are forwarded to B as expected, >> but those "https" are reaching outside from A directly, not over B. >> >> Any idea is appreciated, Thanks a lot! > > > HTTPS is usually passed over HTTP in the form of CONNECT requests > establishing a tunnel. It is far more efficient for Squid to simply open the > tunnel and relay teh data down it than to relay both the tunenl and data > inside via a peer. This is why it "reaches outside from A directly". > > You can use "nonhierarchical_direct off" to make these tunnels and a few > otehr requets go through the peer. > > Amos
