Search squid archive

Re: Is it possible to send the connection, starting with the CONNECT, to cache-peer?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 17/09/2015 3:42 a.m., Yuri Voinov wrote:
> 
> Sure.
> 
> I've tried all possible combinations.
> Including this:
> 
> # SSL bump rules
> sslproxy_cert_error allow all
> acl DiscoverSNIHost at_step SslBump1
> ssl_bump peek DiscoverSNIHost
> acl NoSSLIntercept ssl::server_name_regex -i localhost \.icq\.*
> ssl_bump splice NoSSLIntercept
> ssl_bump bump all
> 
> # Privoxy+Tor access rules
> never_direct allow CONNECT
> never_direct allow tor_url
> always_direct deny tor_url
> always_direct allow all
> 
> # Local Privoxy is cache parent
> cache_peer 127.0.0.1 parent 8118 0 no-query no-digest default
> 
> cache_peer_access 127.0.0.1 allow CONNECT
> cache_peer_access 127.0.0.1 allow tor_url
> cache_peer_access 127.0.0.1 deny all

The above rules enact the following policy:

* CONNECT requests are required to go DIRECT

 "always_direct allow all"

* tor_url requests use the peer, other traffic uses DIRECT

 "always_direct deny tor_url" plus,
 "never_direct allow tor_url" plus,
 "cache_peer_access 127.0.0.1 allow tor_url"


> 
> The problem is:
> 
> I need to forward ro parent AND combination for CONNECT and tor_url ACL.
> 

remove all of the always_direct lines.

remove the "cache_peer_access 127.0.0.1 allow CONNECT" line.

That should be all you need.

Amos
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users




[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux