On 17/09/2015 3:42 a.m., Yuri Voinov wrote: > > Sure. > > I've tried all possible combinations. > Including this: > > # SSL bump rules > sslproxy_cert_error allow all > acl DiscoverSNIHost at_step SslBump1 > ssl_bump peek DiscoverSNIHost > acl NoSSLIntercept ssl::server_name_regex -i localhost \.icq\.* > ssl_bump splice NoSSLIntercept > ssl_bump bump all > > # Privoxy+Tor access rules > never_direct allow CONNECT > never_direct allow tor_url > always_direct deny tor_url > always_direct allow all > > # Local Privoxy is cache parent > cache_peer 127.0.0.1 parent 8118 0 no-query no-digest default > > cache_peer_access 127.0.0.1 allow CONNECT > cache_peer_access 127.0.0.1 allow tor_url > cache_peer_access 127.0.0.1 deny all The above rules enact the following policy: * CONNECT requests are required to go DIRECT "always_direct allow all" * tor_url requests use the peer, other traffic uses DIRECT "always_direct deny tor_url" plus, "never_direct allow tor_url" plus, "cache_peer_access 127.0.0.1 allow tor_url" > > The problem is: > > I need to forward ro parent AND combination for CONNECT and tor_url ACL. > remove all of the always_direct lines. remove the "cache_peer_access 127.0.0.1 allow CONNECT" line. That should be all you need. Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users