On 27/10/2015 9:36 a.m., Yuri Voinov wrote: > > The problem is: I can't see most part of ICQ traffic. Because of it uses > non-HTTP/HTTPS/FTP ports. Only with sniffer. Okay, that should not matter much. That part of the traffic there is nothing we can do about in Squid. > > Looks like this: > > 1. Login starts over 5190 port with CONNECT method. And normal squid's > config blocks it - this is non-SSL port. Nod. > 2. If we add this port to SSL_ports acl, connect starts via HTTP over > HTTPS port. Squid's prohibit it too. If we relax config (and make it > less secure!), login phase goes next step. Pause, how does Squid prohibit that _exactly_ ? Maybe somebody else can find a way to do it without loosing security. > 3. And finally Squid got XML-answer via HTTP/HTTPS, which is visible by > squid, and at this moment client got "Login denied, check > login/password". Whenever right or wrong password. Okay. That sounds a bit like it could be from something Squid is adding (or not adding). Actually seeing those request and reply messages here would help a lot. Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
