Hi there, i've been new to squid and trying to get a certain problem solved. I have a setup with an VPN server, redirecting any traffic to its port 80/443 to a squid server. The users within that VPN can browse the web (both http and https) without any problems. However, I need to redirect http(s) traffic for a list of domains to another proxy. While this works fine for http, it doesn't work for https, even with the peek-n-slice functionality available in 3.5+. Below is my current configuration: ``` http_port 3128 https_port 3130 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid/ssl/squid.pem options=NO_SSLv2:NO_SSLv3 sslcrtd_program /usr/lib64/squid/ssl_crtd -s /var/lib/squid/ssl_db -M 4MB sslcrtd_children 8 startup=1 idle=1 # peek SNI and splice all https connections for tunneling acl step1 at_step SslBump1 ssl_bump peek step1 ssl_bump splice all # ACL for SNIs that need to be forwarded to another proxy acl sni_fwd ssl::server_name .google.com # redirect matching traffic to another proxy cache_peer 10.0.2.115 parent 3128 0 no-query default name=px2 cache_peer_access px2 allow sni_fwd cache_peer_access px2 deny all ``` Surprisingly, http requests are sent to px2, but https ones are not. What I'm doing wrong here? Note: Requests not matching the SNI ACL shall not be forwarded and processed directly. Best regards, Christian _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users