Search squid archive

Re: Is it possible to send the connection, starting with the CONNECT, to cache-peer?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



17.09.15 10:50, Amos Jeffries пишет:

On 17/09/2015 4:36 a.m., Yuri Voinov wrote:

Hm.

If I understand correctly, the right configuration must be:

# Privoxy+Tor access rules
never_direct allow CONNECT
never_direct allow tor_url

# Local Privoxy is cache parent
cache_peer 127.0.0.1 parent 8118 0 no-query no-digest default

cache_peer_access 127.0.0.1 allow tor_url
cache_peer_access 127.0.0.1 deny all

Right?

But:

http://i.imgur.com/UMxt2vh.png

Is CONNECT always requires DIRECT?

In the above yes. If you don't want that remove the never_direct for
CONNECT as well.


I can't see FIRSTUP_PARENT for CONNECT in access log:

1442419630.962 168084 127.0.0.1 TAG_NONE/200 0 CONNECT
torproject.org:443 - HIER_DIRECT/154.35.132.70 -
1442420935.127 168180 127.0.0.1 TAG_NONE/200 0 CONNECT
torproject.org:443 - HIER_DIRECT/38.229.72.16 -


Those appear to be CONNECT requests which got ssl_bump'ed, not passed on
upstream. The access controls about how to pass things upstream are
irrelevant for them.


Because of IP's banned by ISP, direct CONNECT got timeout.

Also, all rot_url ACL can't connect.

Where I'm wrong?

Where is the server IP coming from?

Server IP comes from local DNS cache, which is got right IP via dnscrypt.
I was in this case confused by the fact that CONNECT and does not go into the tunnel. 

I've correct configuration a bit, but still no effect:

# SSL bump rules
sslproxy_cert_error allow all
ssl_bump none localhost
ssl_bump none url_nobump
ssl_bump none dst_nobump
ssl_bump server-first net_bump

# Privoxy+Tor access rules
never_direct allow tor_url

# And finally deny all other access to this proxy
http_access deny all

# -------------------------------------
# HTTP parameters
# -------------------------------------
# Local Privoxy is cache parent
cache_peer 127.0.0.1 parent 8118 0 no-query no-digest default

cache_peer_access 127.0.0.1 allow tor_url
cache_peer_access 127.0.0.1 deny all



Amos
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users


_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux