-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Hi Antony, thank your for answer. My problem is a bit specific. I have some permanently ISP-banned sites. I need to pass-through it from transparent interception Squid to cache_peer - both plain HTTP and HTTPS tunnels without decryption. Sites defined in ACL. HTTP-only sessions forwarded correctly, but HTTPS is not. They goes directly. I can't pass all connections via tunnel. Just some specific sites. Example: torproject.org is permanently HTTPS now. Session starts with CONNECT method. If IP's banned by ISP, forwarding into parent (with Tor) does not work. I've tried to solve this, but unseccessful. Yes, I can use Tor browser itself. But via Squid+Privoxy+Tor - doesn't work. 15.09.15 23:49, Antony Stone пишет: > On Tuesday 15 September 2015 at 19:45:05, Yuri Voinov wrote: > >> I want to get the answer the people who did it. And not those that >> suggest that they could do it. > > I have a suggestion which I hope may help - show us a configuration you have > tried, following the documentation, and tell us in what way it fails to work > as expected - then we may be able to show you where the error is. > > It's quite significant that in your original question, you did not mention you > were using Squid in transparent SSL Bump mode, therefore the answer you > received did not take this into account. > > The more information you give us about what you want to achieve, what you've > done so far, and what goes wrong, the more we are able to help you debug the > problem. > > > Regards, > > > Antony. > >> 15.09.15 23:42, Matus UHLAR - fantomas пишет: >>>>> On 15.09.15 22:45, Yuri Voinov wrote: >>>>>> Does anyone know - is it possible to send the connection, starting >>>>>> with the CONNECT, to cache-peer? >>>> >>>> 15.09.15 23:17, Matus UHLAR - fantomas пишет: >>>>> cache_peer_access with proper ACLs should do that. >>>>> note that always_direct can avoid it. >>> >>> On 15.09.15 23:33, Yuri Voinov wrote: >>>> Squid working in transparent SSL Bump mode. >>>> >>>> AFAIK, here is SSL decrypts. AFAIK, decrypted tunnel denied to be >>>> forwarded to parent. >>>> >>>> I need to forward some URLs without decryption to peer. Whole session >>>> starting with CONNECT. >>>> >>>> Problem: Peer must accepts both HTTP and HTTPS connections. Yes, there >>>> is Privoxy, which can tunnel CONNECT. How to tell Squid - "Forward this >>>> URL and this URL into peer, whenever HTTP or HTTPS"? >>> >>> disable sslbump (enable "splice") with proper ACLs: >>> http://www.squid-cache.org/Doc/config/ssl_bump/ > -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAEBCAAGBQJV+FuyAAoJENNXIZxhPexGH4UH/i2tix795ui5wyJYud2dri4X aNvxYHDEKY0fT94y7CKZm2uHAXv1UxY/GWT3DCXkF63jFIrXKvLlm+pfQT7cvpos O2up5jrgXVg86/8MoTuFH5A3MSNYH01N0qfG85+YW/qGpVRvXdpfDZFrj/dBtefA t2+geOcPZ7LIcwzqCuuoJ8VVJMTmYBVDcpSFFdGcieVPUq3kuMP++kRC/Gn7znGh L9NgHCuUcQ7g7CUQViX5I3a8rU6SDhl0gLj9KUvkp0zqUO9cSifZakmFowTBzTyd Ix8AgE0R5puGpLv4PyGyuI6Be3cSQCpitQYlB0jrvsfqOqO2v3LMIDZAlh1yj5M= =GK+k -----END PGP SIGNATURE----- _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
