-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 The problem is: I can't see most part of ICQ traffic. Because of it uses non-HTTP/HTTPS/FTP ports. Only with sniffer. Looks like this: 1. Login starts over 5190 port with CONNECT method. And normal squid's config blocks it - this is non-SSL port. 2. If we add this port to SSL_ports acl, connect starts via HTTP over HTTPS port. Squid's prohibit it too. If we relax config (and make it less secure!), login phase goes next step. 3. And finally Squid got XML-answer via HTTP/HTTPS, which is visible by squid, and at this moment client got "Login denied, check login/password". Whenever right or wrong password. Viola, connection denied completely. 27.10.15 0:27, Amos Jeffries пишет: > On 27/10/2015 6:30 a.m., Yuri Voinov wrote: >> >> I think the right question is not "What headers pass through Squid" and >> "Why did they pass through a transparent proxy, if the port that is >> used, not 80 or 443?" >> > > ICQ speaks HTTP on port 80. Not sure about 443, it should at least speak > TLS hopefully with ALPN and/or HTTP inside. > > Even so, whats going through (or at least into) Squid is the detail you > need to provide to get a chance at a solid answer. > > Amos > _______________________________________________ > squid-users mailing list > squid-users@xxxxxxxxxxxxxxxxxxxxx > http://lists.squid-cache.org/listinfo/squid-users -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAEBCAAGBQJWLo7hAAoJENNXIZxhPexGodsIAKHkuz36C7/V2E4VLWMSdMUy eTjSnG0A58+h3Kl70cR/u0ICkI0aK5wqTP+51S3CPIw7c0l6eWKx1Yb6Qz0sbJjw wy6PJKQx2nNUt9CDX7MMaETwpyWDfkxl7RjbskvmOQbGwf+EgK4HPGO8bn/FZTu3 r4HhN6ARxoIpGqHt8uQbfaV8jHw2Xgl/MonWlEKKn7Nv/JeQcXjfeko4u+3hGl45 v6PkLD8SsMhgmqOI48MnxkvQSfjUGpSbDej0vb/Jy4jYcmZz3qCcUoJflMdIG6nD PlmQFloofXXApm7nf7gAJ0v1j2B/oXexMjW838Ge7LMAQ4xfrwszznlu76rHKJk= =2khV -----END PGP SIGNATURE----- _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users