-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Sure. I've tried all possible combinations. Including this: # SSL bump rules sslproxy_cert_error allow all acl DiscoverSNIHost at_step SslBump1 ssl_bump peek DiscoverSNIHost acl NoSSLIntercept ssl::server_name_regex -i localhost \.icq\.* ssl_bump splice NoSSLIntercept ssl_bump bump all # Privoxy+Tor access rules never_direct allow CONNECT never_direct allow tor_url always_direct deny tor_url always_direct allow all # Local Privoxy is cache parent cache_peer 127.0.0.1 parent 8118 0 no-query no-digest default cache_peer_access 127.0.0.1 allow CONNECT cache_peer_access 127.0.0.1 allow tor_url cache_peer_access 127.0.0.1 deny all The problem is: I need to forward ro parent AND combination for CONNECT and tor_url ACL. Something like this: # Privoxy+Tor access rules never_direct allow CONNECT tor_url never_direct allow tor_url always_direct deny tor_url always_direct allow all # Local Privoxy is cache parent cache_peer 127.0.0.1 parent 8118 0 no-query no-digest default cache_peer_access 127.0.0.1 allow CONNECT tor_url cache_peer_access 127.0.0.1 allow tor_url cache_peer_access 127.0.0.1 deny all But this also doesn't work. I'e., most queries must outgoing via Squid, with SSL Bump if needed, but selected URLs must goes via cache_peer to Tor, both HTTP/HTTPS, and HTTPS without bumping. Can't understand how to achieve this. 16.09.15 21:34, Amos Jeffries пишет: > On 17/09/2015 3:18 a.m., Yuri Voinov wrote: >> >> This: >> >> http://osdir.com/ml/web.squid.general/2003-04/msg00800.html >> >> does not work. > > Do you have always_direct rules that match the request(s)? > or "nonhierarchical_direct on" ? > > The order of invocation is: > > nonhierarchical_direct (on means dont use peers for methods which are > uncacheable) > > always_direct (allow means dont use peers at all) > > never_direct (allow means dont use DIRECT/ORIGINAL_DST) > > prefer_direct (on means use peers as last resort) > > cache_peer_access (deny means dont use this peer) > > Amos > _______________________________________________ > squid-users mailing list > squid-users@xxxxxxxxxxxxxxxxxxxxx > http://lists.squid-cache.org/listinfo/squid-users -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAEBCAAGBQJV+Y3yAAoJENNXIZxhPexGlmcH/3tBQvK14s468GAoc2KfeojA 8o9tL4YvLwRFKabmROtAdaZgOoYuBixHeHAa8Z1G3TezTmFxpg7MntT7mg0K/O1W KXM5pOkjMnGFjCrHyVxHH3Lrcb3lDLO3BpHkeV8531KMinizQyroAb260gvI+r71 Q63nVT5hOaRlFgoIQX35eJc3bdAMH6To4mS8xws7djZnpB2XBlQt7wDCRxhy8gm5 1eoeP9rBdX71IGK1HutqnmVOjjKkobPD3TlFXdtm3KoUOLfz0OCa3zbfw+S7p2D7 AqvXvXVCvUVPgyzFp+TsDsI/7twEhjvGTsLeNbppojfVxMAIf25t0F9YxG443fs= =XZT8 -----END PGP SIGNATURE----- _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
