On 17/09/2015 4:36 a.m., Yuri Voinov wrote: > > Hm. > > If I understand correctly, the right configuration must be: > > # Privoxy+Tor access rules > never_direct allow CONNECT > never_direct allow tor_url > > # Local Privoxy is cache parent > cache_peer 127.0.0.1 parent 8118 0 no-query no-digest default > > cache_peer_access 127.0.0.1 allow tor_url > cache_peer_access 127.0.0.1 deny all > > Right? > > But: > > http://i.imgur.com/UMxt2vh.png > > Is CONNECT always requires DIRECT? In the above yes. If you don't want that remove the never_direct for CONNECT as well. > > I can't see FIRSTUP_PARENT for CONNECT in access log: > > 1442419630.962 168084 127.0.0.1 TAG_NONE/200 0 CONNECT > torproject.org:443 - HIER_DIRECT/154.35.132.70 - > 1442420935.127 168180 127.0.0.1 TAG_NONE/200 0 CONNECT > torproject.org:443 - HIER_DIRECT/38.229.72.16 - > Those appear to be CONNECT requests which got ssl_bump'ed, not passed on upstream. The access controls about how to pass things upstream are irrelevant for them. > Because of IP's banned by ISP, direct CONNECT got timeout. > > Also, all rot_url ACL can't connect. > > Where I'm wrong? Where is the server IP coming from? Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
