On 09/29/2015 05:02 PM, HackXBack wrote: > i dont know, but if connection cant bump .. if connection cant established , > then squid bypass this connection directly ... > this is how ... The pinning client (not Squid!) decides that the [successfully bumped from Squid point of view] connection is insecure and terminates it. When the pinning client terminates its bumped connection to Squid, it is too late for Squid to establish a spliced connection to the origin server -- the client is already done talking to Squid as far as this transaction is concerned... Moreover, there is so little information about the client available to Squid at the bumping decision point, that I doubt Squid can "learn" to recognize similar client connections in the future and avoid bumping them again (unless you are willing to tolerate lots of false positives and, hence, splice a lot of traffic from non-pinning clients). Said that, if somebody can build a good fingerprinting algorithm for pinning clients, you would be able to configure Squid to splice their connections. Alex. _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
