nonhierarchical_direct off Jenny > Date: Sat, 18 Aug 2012 18:31:14 +0100 > From: a.farr@xxxxxxxxxxxx > To: squid-users@xxxxxxxxxxxxxxx > Subject: ACL processing in Squid 3.2 > > I may be missing something here, but it looks like ACL processing is > broken for at least some HTTPS requests in 3.2. > > Example configuration: > > acl useparent dstdomain domain.com > > cache_peer 172.25.2.70 parent 8080 0 no-query name=parent01 > connection-auth=off > > cache_peer_access parent01 allow useparent > cache_peer_access parent01 deny all > > # Included to see if it made any difference > always_direct deny useparent > always_direct allow all > > Access over HTTP goes to the parent as expected, but HTTPS assess does not: > > 1345310649.623 644 10.0.0.1 TCP_MISS/200 8055 GET > http://www.domain.com/ - FIRSTUP_PARENT/172.25.2.70 text/html > 1345310544.835 8536 10.0.0.1 TCP_MISS/200 3580 CONNECT > www.domain.com:443 - HIER_DIRECT/172.25.2.34 - > > Also tried adding: > cache_peer_access parent01 allow CONNECT useparent > but it made no difference. > > Build options: > Squid Cache: Version 3.2.1 > configure options: '--prefix=/usr/local/squid' > '--infodir=/usr/local/info' '--mandir=/usr/local/man' > '--enable-async-io' '--enable-removal-policies=heap,lru' > '--disable-wccp' '--disable-wccpv2' '--disable-ident-lookups' > '--enable-linux-netfilter' '--with-large-files' '--disable-snmp' > '--disable-htcp' '--disable-ipv6' 'CFLAGS=-pipe -Wall -O2 > -fomit-frame-pointer -march=native -s' 'CXXFLAGS=-pipe -Wall -O2 > -fomit-frame-pointer -march=native -s' > 'PKG_CONFIG_PATH=/usr/local/lib64/pkgconfig:/usr/lib64/pkgconfig' > > Any suggestions, or this a bug in 3.2? > > Andrew > >
