On 06/24/2018 11:15 AM, Gordon Hsiao wrote: > why is redirector run before ssl-bump? Adding to Amos' response: Please note that the redirector runs both before SslBump for CONNECT URLs and "after" SslBump for each of the decrypted HTTP requests inside the CONNECT tunnel (if the tunnel was bumped). In other words, the redirector can attempt to "redirect" virtually any HTTP request allowed by Squid. What would happen to a bumped HTTPS GET request if it gets redirected to another _domain_? I am not sure, and I am not sure that whatever happens today will happen tomorrow. On one hand, admins do not want Squid to accidentally change the domain that the client thinks it is securely communicating with. On the other hand, some admins may have a legitimate need to do exactly that for some of the requests. Alex. _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
