On 8/09/2015 7:45 p.m., Dan Charlesworth wrote: > This: > 08/Sep/2015-17:41:38 11049 10.0.1.7 TCP_TUNNEL 200 12871 CONNECT api.github.com:443 api.github.com - peek Mozilla/5.0%20(Macintosh;%20Intel%20Mac%20OS%20X%2010.10;%20rv:40.0)%20Gecko/20100101%20Firefox/40.0 HIER_DIRECT/192.30.252.127 - > The first one is an HTTP CONNECT message sent by a user agent. Thus a full set of HTTP message headers are available. > Compared to this: > 08/Sep/2015-17:04:17 13359 10.0.1.7 TCP_TUNNEL 200 13741 CONNECT 192.30.252.126:443 api.github.com - splice - ORIGINAL_DST/192.30.252.126 - > The second one is a fake CONNECT generated internally by Squid using only the TCP SYN packet details (src IP:port and dst IP:port) on a port 443 intercepted connection. Thus none of the client details except IP:port are available. Its not related to the peek or splice actions themselves. The data is known (or not) well before either happens. Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
