On 25/06/18 23:27, --Ahmad-- wrote: > Hi Amos > > thanks for the reply . > > actually the sample i put is seems incorrect im supposed to push the request as below : > > 25/Jun/2018:12:22:16 +0100 4057 32.175.99.98 16993 188.157.235.133 2000 TCP_TUNNEL/200 224466 CONNECT www.google.com:443 dfrrew HIER_DIRECT/ www.google.com 2a00:1450:4009:815::2004 2406:a901:416f:bdd9:392:4b51:d110:c6b9 > 25/Jun/2018:12:22:17 +0100 3456 32.175.99.98 17317 188.157.235.133 2000 TCP_TUNNEL/200 211560 CONNECT www.google.com:443 dfrrew HIER_DIRECT/ www.google.com 2a00:1450:4009:815::2004 2406:a901:6963:b915:91dd:ac97:af6b:843e > 25/Jun/2018:12:22:17 +0100 2351 32.175.99.98 17607 188.157.235.133 2000 TCP_TUNNEL/200 220144 CONNECT www.google.com:443 dfrrew HIER_DIRECT/ www.google.com 2a00:1450:4009:815::2004 2406:a901:d64b:2c12:29a0:3422:f505:a689 > 25/Jun/2018:12:22:17 +0100 2299 32.175.99.98 17491 188.157.235.133 2000 TCP_TUNNEL/200 174475 CONNECT www.google.com:443 dfrrew HIER_DIRECT/ www.google.com 2a00:1450:4009:815::2004 2406:a901:52f5:b367:b482:40da:36f7:7bf6 > > > so above is what is what logs i say about . > > > all what i need is to know if the request gone correctly > or there was a captcha page There is no way to tell from that. CONNECT is a tunnel containing many encrypted/hidden requests. Since that is a custom format, I hesitate to say what the above means. > > is there any footprints can i look for to know ? Not without SSL-Bump decrypting the tunnel contents. > like message reply size or so as connection encrypted > many thanks > The size of data in the tunnel can give a rough view of whether it did *something*, vs was dropped by the server. eg sending KB or more data likely did at least one HTTP request/reply (assuming its actually HTTPS). Other than that, no. TLS is designed explicitly to hide that type of info you are looking for. Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
