I think, in the sslbump mode, if PROXY protocol is enabled, the client cannot set up the SSL tunnel with squid after the CONNECT call succeeds. I remember that HAProxy will send the PROXY protocol line during SSL negotiation. If squid does not parse the PROXY protocol header during SSL negotiation, this will cause the problem.
Alex

On Mon, Apr 13, 2015 at 7:56 PM, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote:
Yes that should work.

On 14/04/2015 4:47 a.m., Yuhua Wu wrote:
> For example, is this configuration supported?
>
> http_port 3129 require-proxy-header ssl-bump ……
>
> By the way, we added acl rules:
>
> acl frontend src 10.0.0.0/8
> proxy_protocol_access allow frontend
>
> Alex
>
<http://www.squid-cache.org/Versions/v3/3.5/RELEASENOTES.html#ss2.7>
Your above config example decrypts the traffic through the following layers:
HTTPS over HTTP/1.x over PROXY/TCP ...
As you can see the PROXY and HTTPS layers are separate protocols that
don't interact.
Amos
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
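
The layering described in the quoted reply (PROXY header first on the TCP connection, then the HTTP CONNECT, then TLS inside the tunnel) can be seen by peeling a client-to-proxy byte stream apart. This is an added Python sketch, not Squid code and not part of the thread; the function names and sample bytes are constructed, and the 10.0.0.0/8 trust check mirrors the `frontend` ACL quoted above.

```python
import ipaddress

# Mirrors the ACL quoted in the thread: acl frontend src 10.0.0.0/8
FRONTEND = ipaddress.ip_network("10.0.0.0/8")
MAX_V1_HEADER = 107  # PROXY protocol v1 line limit, CRLF included

# Constructed sample of the client-to-proxy direction only (the proxy's
# "200" reply is omitted; the TLS bytes are a placeholder record header).
SAMPLE = (b"PROXY TCP4 192.0.2.10 10.1.2.3 51234 3129\r\n"
          b"CONNECT example.com:443 HTTP/1.1\r\nHost: example.com:443\r\n\r\n"
          b"\x16\x03\x01\x00\x05hello")


def split_proxy_v1(peer_ip, stream):
    """Peel the PROXY v1 line off the start of a TCP byte stream.

    Returns (client_ip, client_port, rest); rest is everything after the
    header, which for the thread's config is the HTTP CONNECT request.
    """
    # Only a trusted frontend may assert a client address; otherwise any
    # peer could spoof the source IP that later ACLs and logs rely on.
    if ipaddress.ip_address(peer_ip) not in FRONTEND:
        raise PermissionError("PROXY header from untrusted peer " + peer_ip)
    end = stream.find(b"\r\n", 0, MAX_V1_HEADER)
    if not stream.startswith(b"PROXY ") or end < 0:
        raise ValueError("missing or oversized PROXY v1 header")
    fields = stream[:end].decode("ascii").split(" ")
    if len(fields) != 6 or fields[1] not in ("TCP4", "TCP6"):
        raise ValueError("unsupported PROXY v1 header")
    src = ipaddress.ip_address(fields[2])   # raises ValueError if malformed
    ipaddress.ip_address(fields[3])         # destination must parse too
    sport, dport = int(fields[4]), int(fields[5])
    if not (0 <= sport <= 65535 and 0 <= dport <= 65535):
        raise ValueError("port out of range")
    return str(src), sport, stream[end + 2:]


def classify_layers(peer_ip, stream):
    """Name the protocol layers in the order they appear on the wire."""
    client, _, rest = split_proxy_v1(peer_ip, stream)
    layers = ["PROXY"]
    head, sep, tunnel = rest.partition(b"\r\n\r\n")
    if sep and head.startswith(b"CONNECT "):
        layers.append("HTTP/1.x CONNECT")
        # TLS record header: content type 0x16 (handshake), major version 3
        if tunnel[:2] == b"\x16\x03":
            layers.append("TLS")
    return client, layers
```
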