I am trying to finalize an accelerator configuration in 3.1. The accelerator has cache disabled (we use an external service) with cache deny all. We have several public IPs that send requests to back end Apache servers using http. The accelerator will provide both http and https for a while. A few questions: Trying to get a A rating in Qualys site and the best I can get is A- due to forward secrecy not supported for a few browsers. I think this is due to Squid not being able to support ECDHE (which some of those browsers need). Just wanted to confirm that we're not missing something. Is there any alternate configuration that we may be able to do? I have an ACL that I want to send a TCP reset if the url being requested matches a regx. It seems to work, but in testing the first time a browser request the url, the upper left corner of the browser has the word "reset" in it. Subsequent requests seem to work as expected and the client/browser gets the reset. In the cache log I see: errorpage.cc(293) errorTryLoadText: '/usr/share/squid/errors/en-us/TCP_RESET': (2) No such file or directory WARNING: Error Pages Missing Language: en-us errorpage.cc(293) errorTryLoadText: '/usr/share/squid/errors/en/TCP_RESET': (2) No such file or directory" "WARNING: Error Pages Missing Language: en I touched an empty file in the directories and the errors went away. Now after a squid restart I get "max-age=86400" in the upper left corner once then it goes away and works as expected (client gets reset). Just curious if this is expected? Here is the ACL: acl www_url url_regex -i [^:]+://www.example.com.* deny_info TCP_RESET www_url Trying to understand if we should use the always direct directive with this configuration. As stated, we just want to send public requests to the backend servers. The current ACL for this is: acl apache dst 10.10.10.0/24 always_direct allow apache always_direct deny all _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
